Enable sandbox by default for homebrew/core #713

Merged: 5 commits, Aug 17, 2016

MikeMcQuaid
Member

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew tests with your changes locally?

Now that Homebrew/homebrew-core#342 is finished we can now enable the sandbox by default for all users using the homebrew/core tap. This whitelist system should give users of the most widely used tap better security without breaking other taps that are working without the sandbox. We can aim to get all the Homebrew/homebrew-* taps supported in here eventually and allow the community to submit PRs if they want their tap protected by the sandbox. Eventually we may turn this on for all taps (but not for a while).

@MikeMcQuaid MikeMcQuaid added this to the 1.0.0 milestone Aug 14, 2016
@BrewTestBot BrewTestBot added the in progress Maintainers are working on this label Aug 14, 2016
@DomT4
Member

DomT4 commented Aug 14, 2016

👍 x 💯 x 💯 once CI is a happy happy robot.

@scpeters
Member

For those looking for further background reading on the Sandbox, I found Homebrew/legacy-homebrew#37552 to be helpful.

Simplify checking if we’re going to sandbox a test with `Sandbox.test?`.
Add a new `Sandbox.formula?` method to see if a given formula should be
sandboxed. Use the formula to check its tap against a list of
pre-approved taps where we know every formula builds under the sandbox
(currently just homebrew/core).
@mistydemeo
Member

😻

@MikeMcQuaid MikeMcQuaid merged commit 2ab5c77 into Homebrew:master Aug 17, 2016
@MikeMcQuaid MikeMcQuaid deleted the ship-sandbox branch August 17, 2016 07:30
@BrewTestBot BrewTestBot removed the in progress Maintainers are working on this label Aug 17, 2016
@Homebrew Homebrew locked and limited conversation to collaborators May 3, 2018