Tags: homegrew/grew
update GEMINI.md and README.md for post-v0.7.27 changes

- regenerate GEMINI.md with accurate command surface, architecture, security primitives, and testing conventions
- add distclean to GEMINI.md build commands
- update README.md: universal binary, path-traversal hardening, build-fat-binary and distclean targets, remove completed roadmap item

feat: install accepts multiple args with --formula/--cask selection

grew install now takes one or more arguments and auto-detects each as a formula or a cask (formula takes precedence). The mutually-exclusive --formula and --cask flags pin every argument to a single kind and disable the other. Arguments are processed in order; installation stops at the first failure.

Enforce the count with cobra.MinimumNArgs(1) and the flag exclusivity with MarkFlagsMutuallyExclusive. Refactor RunInstall into per-arg dispatch (resolveInstallKind / installFormulaArg / installCaskArg), close a latent gap where --dry-run --cask installed anyway, and add smoke tests plus doc updates.

Fix completion cache initialization to support dynamic cacheDir parameter

Previously, cacheDir was ignored (kept for signature compatibility). Now, when cacheDir is empty, it's dynamically resolved to the system cache dir. When provided, it's used directly (for testing or custom locations).

Potential fix for code scanning alert no. 1220: Uncontrolled data used in path expression (#258)

Potential fix for [https://github.com/homegrew/grew/security/code-scanning/1220](https://github.com/homegrew/grew/security/code-scanning/1220)

Best fix: add path validation inside `pkg/fsutil/fsutil.go` in `WriteFileAtomic` before any filesystem operations. Specifically, validate `dst` with existing `safepath.SafeAbsolutePath(dst)` and return an error if invalid. This is minimally invasive, preserves existing behavior for valid paths, and protects all current/future callers of `WriteFileAtomic` from unsafe path input reaching `os.CreateTemp`/`os.Rename`.

Change region:
- `pkg/fsutil/fsutil.go`, function `WriteFileAtomic`, immediately at function start (before `dir := filepath.Dir(dst)`).

No new dependencies are needed; `safepath` is already imported in this file.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

Fix genrepo skipping casks with app target rename (#256)

The cask "app" artifact parser unmarshaled the whole array into []string, which failed for the mixed string-plus-options form Homebrew uses to rename an app in /Applications, e.g.:

    "app": ["Telegram.app", {"target": "Telegram Desktop.app"}]

The failed unmarshal left the App slice empty, so the cask had no artifacts and was rejected by Validate(). This skipped telegram-desktop and several other casks during genrepo import.

Parse the array element-by-element (matching the pkg/binary parsers) and honor {"target": ...} so the renamed name -- the one that lands on disk -- is recorded.

Explicitly create var directory during setup

p.Var (Root/var) was defined in FromRoot but absent from Init()'s dirs slice, so it was only created implicitly as a side-effect of MkdirAll on its subdirectories. Add it explicitly so the directory is created in the right order and the dry-run output reflects it.

Add font and installer-script cask artifacts; fix cask version validation (#254)

Adds support for two new cask artifact types that genrepo conversion was missing:

1. Font artifacts: .otf/.ttf/.ttc/.otc/.dfont/.woff/.woff2/.pfb files copied into ~/Library/Fonts. Locations are derived from AppDir, and FontDir is created on-demand at install time.
2. Installer-script artifacts: Homebrew's "installer" form (script + args + optional sudo). Scripts run under grew's Seatbelt sandbox with network denied and writes confined to staging dir + prefix. Scripts requesting sudo are refused at install time — grew never runs downloaded code as root. This is the deliberate divergence from Homebrew's behavior, preserving grew's least-privilege model.

Both: Homebrew's $HOMEBREW_PREFIX references are rewritten to $HOMEGREW_PREFIX, then expanded at install time.

Validation fixes:
- Allow commas in cask versions (e.g. "7.2.8,173730") to match Homebrew's version,revision syntax.
- Parse pkg artifacts element-by-element to handle arrays like ["VirtualBox.pkg", {options...}]; previously the trailing object would abort parsing and lose the filename.

Audit consistency: cask audit checks now include all four artifact types.

Tests: Add TestParseInstallerArtifact, TestRewriteHomebrewPrefix, TestInstallInstallerScript, TestExpandPrefixVars; extend TestParseCaskArtifacts to cover pkg-with-options and font artifacts; TestInstallFont (nested, basename fallback, bad extension, missing, idempotent uninstall).

## Summary by CodeRabbit

## Release Notes

* **New Features**
  * Added support for font artifact installation and management.
  * Added support for sandboxed installer script execution with restricted permissions.
  * Extended cask validation to recognise fonts and installers as valid artifact types.
  * Updated version string validation to support comma-separated revision formats.
* **Documentation**
  * Enhanced cask documentation describing artifact handling and security mechanisms.