From fed96385acc2ee10909870997950f2e48a86026f Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sun, 14 Aug 2016 17:33:05 +0100
Subject: [PATCH 1/5] sandbox: add test? method.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Simplify checking if we’re going to sandbox a test with `Sandbox.test?`.
---
 Library/Homebrew/sandbox.rb | 5 +++++
 Library/Homebrew/test/test_sandbox.rb | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 4823baf7f8643..c299d2f457bb2 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -8,6 +8,11 @@ def self.available?
 OS.mac? && File.executable?(SANDBOX_EXEC)
 end
+ def self.test?
+ return false unless available?
+ !ARGV.no_sandbox?
+ end
+
 def self.print_sandbox_message
 unless @printed_sandbox_message
 ohai "Using the sandbox"
diff --git a/Library/Homebrew/test/test_sandbox.rb b/Library/Homebrew/test/test_sandbox.rb
index dc907d428da61..de60551d1d56a 100644
--- a/Library/Homebrew/test/test_sandbox.rb
+++ b/Library/Homebrew/test/test_sandbox.rb
@@ -13,6 +13,12 @@ def teardown
 @dir.rmtree
 end
+ def test_test?
+ ARGV.stubs(:no_sandbox?).returns false
+ assert Sandbox.test?, "Tests should be sandboxed unless --no-sandbox was passed."
+ end
+
 def test_allow_write
 @sandbox.allow_write @file
 @sandbox.exec "touch", @file
From ca3e4fcc1de70be7d540142b186b312968e22a1a Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sun, 14 Aug 2016 17:33:17 +0100
Subject: [PATCH 2/5] cmd/test: use Sandbox.test?
---
 Library/Homebrew/cmd/test.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/Library/Homebrew/cmd/test.rb b/Library/Homebrew/cmd/test.rb
index 0218e1c80d52b..495ea8ec8ad2f 100644
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
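Review bot: `Sandbox.test?` reads as a predicate about the receiver rather than a policy decision, and nothing in the hunk says what it decides, so a caller has to read the body to learn that it means "should `brew test` run under the sandbox". A one-line comment above `def self.test?` fixes that: `# Whether `brew test` should run sandboxed: sandbox-exec must be usable and --no-sandbox not passed.` Note for readers that there is deliberately no positive `--sandbox` opt-in here, since sandboxing tests is on whenever it is available; the enclosing `Sandbox` class continues outside the hunk.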
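Review bot: `test_test?` only pins the branch where `--no-sandbox` is absent, so an implementation that ignored the flag entirely would still pass; add the negative case after the existing assertion: `ARGV.stubs(:no_sandbox?).returns true` / `refute Sandbox.test?, "Tests should not be sandboxed if --no-sandbox was passed."`. Separately, `Sandbox.test?` returns false whenever `Sandbox.available?` is false, so unless this suite already skips where `/usr/bin/sandbox-exec` is missing (its `setup` is outside the hunk), the positive assertion fails on any non-macOS runner; `Sandbox.stubs(:available?).returns true` at the top of the test would make it hermetic.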
@@ -57,12 +57,10 @@ def test
 args << "--devel"
 end
- if Sandbox.available? && !ARGV.no_sandbox?
- Sandbox.print_sandbox_message
- end
+ Sandbox.print_sandbox_message if Sandbox.test?
 Utils.safe_fork do
- if Sandbox.available? && !ARGV.no_sandbox?
+ if Sandbox.test?
 sandbox = Sandbox.new
 f.logs.mkpath
 sandbox.record_log(f.logs/"sandbox.test.log")
From 6e887fbf5ac5bc1fb551a3e4222ad1804b490def Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sun, 14 Aug 2016 17:34:54 +0100
Subject: [PATCH 3/5] sandbox: add formula? method and sandbox core.
Add a new `Sandbox.formula?` method to see if a given formula should be sandboxed. Use the formula to check its tap against a list of pre-approved taps where we know every formula builds under the sandbox (currently just homebrew/core).
---
 Library/Homebrew/sandbox.rb | 8 ++++++++
 Library/Homebrew/test/test_sandbox.rb | 16 ++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index c299d2f457bb2..133bdb83c4b51 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -3,11 +3,19 @@ class Sandbox
 SANDBOX_EXEC = "/usr/bin/sandbox-exec".freeze
+ SANDBOXED_TAPS = [
+ "homebrew/core",
+ ].freeze
 def self.available?
 OS.mac? && File.executable?(SANDBOX_EXEC)
 end
+ def self.formula?(formula)
+ return false unless available?
+ ARGV.sandbox? || SANDBOXED_TAPS.include?(formula.tap.to_s)
+ end
+
 def self.test?
 return false unless available?
 !ARGV.no_sandbox?
diff --git a/Library/Homebrew/test/test_sandbox.rb b/Library/Homebrew/test/test_sandbox.rb
index de60551d1d56a..cb33c3ffa46d7 100644
--- a/Library/Homebrew/test/test_sandbox.rb
+++ b/Library/Homebrew/test/test_sandbox.rb
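Review bot: The sandbox decision is made twice in `test`: `Sandbox.test?` is evaluated once in the parent to print the message and again inside `Utils.safe_fork` to actually enforce it. Both read the process-global `ARGV`, so they agree today, but computing `sandboxed = Sandbox.test?` once before the fork and using it in both places guarantees that the user-visible "Using the sandbox" message and the real enforcement can never diverge. The `test` method continues outside the hunk.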
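Review bot: `Sandbox.formula?` has no `--no-sandbox` opt-out, while `Sandbox.test?` just below it honours that flag, so once the callers switch to this predicate a user can no longer disable the sandbox for a core formula even though the option exists; if that asymmetry is intended, a comment should say so, otherwise `return false if ARGV.no_sandbox?` after the `available?` guard makes the two predicates symmetric. `SANDBOXED_TAPS` also deserves a comment stating what the commit message says, that it is a build-compatibility allowlist rather than a trust boundary: formulae from untapped sources (a local file or URL, where `formula.tap` is presumably nil and `nil.to_s` is `""`) are precisely the ones this leaves unsandboxed unless `--sandbox` is passed. Suggested comment above the constant: `# Taps whose formulae are all known to build under the sandbox; sandboxing is on by default only for these.`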
@@ -13,6 +13,22 @@ def teardown
 @dir.rmtree
 end
+ def test_formula?
+ f = formula { url "foo-1.0" }
+ f2 = formula { url "bar-1.0" }
+ f2.stubs(:tap).returns(Tap.fetch("test/tap"))
+
+ ARGV.stubs(:sandbox?).returns true
+ assert Sandbox.formula?(f),
+ "Formulae should be sandboxed if --sandbox was passed."
+
+ ARGV.stubs(:sandbox?).returns false
+ assert Sandbox.formula?(f),
+ "Formulae should be sandboxed if in a sandboxed tap."
+ refute Sandbox.formula?(f2),
+ "Formulae should not be sandboxed if not in a sandboxed tap."
+ end
+
 def test_test?
 ARGV.stubs(:no_sandbox?).returns false
 assert Sandbox.test?,
From 6375adc0ff00073740b49973aacfe81d4cd1099e Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sun, 14 Aug 2016 17:35:06 +0100
Subject: [PATCH 4/5] formula_installer: use Sandbox.formula? method.
---
 Library/Homebrew/formula_installer.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb
index 54581b2329203..03c9f83145c08 100644
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@@ -588,15 +588,13 @@ def build
 #{formula.path}
 ].concat(build_argv)
- if Sandbox.available? && ARGV.sandbox?
- Sandbox.print_sandbox_message
- end
+ Sandbox.print_sandbox_message if Sandbox.formula?(formula)
 Utils.safe_fork do
 # Invalidate the current sudo timestamp in case a build script calls sudo
 system "/usr/bin/sudo", "-k"
- if Sandbox.available? && ARGV.sandbox?
+ if Sandbox.formula?(formula)
 sandbox = Sandbox.new
 formula.logs.mkpath
 sandbox.record_log(formula.logs/"sandbox.build.log")
From c6151951d6b685936adb8819db3957b12c95f5c9 Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Sun, 14 Aug 2016 17:35:14 +0100
Subject: [PATCH 5/5] cmd/postinstall: use Sandbox.formula? method.
---
 Library/Homebrew/cmd/postinstall.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
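Review bot: `test_formula?` relies on `formula { url "foo-1.0" }` yielding a formula whose `tap.to_s` is `"homebrew/core"`, which is a property of the test helper rather than something the test states, so the "sandboxed tap" assertion is only as meaningful as that default; stubbing it explicitly, `f.stubs(:tap).returns(Tap.fetch("homebrew/core"))`, mirrors what is already done for `f2` and makes the intent readable. The `available?` guard is also uncovered: `Sandbox.stubs(:available?).returns false` followed by `refute Sandbox.formula?(f)` would pin the branch that switches sandboxing off entirely. As with the sibling `test_test?`, the positive assertions assume `Sandbox.available?` is true on the host running the suite.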
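Review bot: Nothing at the new `Sandbox.print_sandbox_message if Sandbox.formula?(formula)` line tells a reader that core builds are now sandboxed by default, where the removed lines required an explicit `ARGV.sandbox?`, so a real policy change is invisible at the call site; a short comment such as `# Core formulae build sandboxed by default; other taps only with --sandbox (see Sandbox.formula?)` would record it. `Sandbox.formula?(formula)` is also evaluated in the parent for the message and again in the child after `sudo -k`; hoisting it into a local before `Utils.safe_fork` keeps the printed message and the enforcement tied to one decision. `build` continues outside the hunk.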
diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index 95bd3f8ef09b6..798907339c478 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -21,12 +21,10 @@ def run_post_install(formula)
 args << "--devel"
 end
- if Sandbox.available? && ARGV.sandbox?
- Sandbox.print_sandbox_message
- end
+ Sandbox.print_sandbox_message if Sandbox.formula?(formula)
 Utils.safe_fork do
- if Sandbox.available? && ARGV.sandbox?
+ if Sandbox.formula?(formula)
 sandbox = Sandbox.new
 formula.logs.mkpath
 sandbox.record_log(formula.logs/"sandbox.postinstall.log")
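Review bot: `Sandbox.formula?(formula)` is evaluated twice in `run_post_install`, once in the parent to decide whether to print the message and once inside `Utils.safe_fork` to decide whether to sandbox; a single local, `sandboxed = Sandbox.formula?(formula)`, used in both places removes any chance of the two disagreeing. Unlike the corresponding build hunk, no `sudo -k` is visible here before the postinstall runs, so a postinstall step that calls sudo would inherit whatever timestamp the parent has; that may be handled outside the hunk, but it is worth confirming now that this path is sandboxed by default for core formulae. `run_post_install` continues outside the hunk.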