diff --git a/Library/Homebrew/dev-cmd/mirror.rb b/Library/Homebrew/dev-cmd/mirror.rb
index 10811493c2c5cf436527d4d9cd6f76f815bbd123..e2492203d3d5cd097589f3d65fb22611c6f45dcc 100644
--- a/Library/Homebrew/dev-cmd/mirror.rb
+++ b/Library/Homebrew/dev-cmd/mirror.rb
@@ -8,10 +8,10 @@ module Homebrew
def mirror
odie "This command requires at least formula argument!" if ARGV.named.empty?
- bintray_user = ENV["BINTRAY_USER"]
- bintray_key = ENV["BINTRAY_KEY"]
+ bintray_user = ENV["HOMEBREW_BINTRAY_USER"]
+ bintray_key = ENV["HOMEBREW_BINTRAY_KEY"]
if !bintray_user || !bintray_key
- raise "Missing BINTRAY_USER or BINTRAY_KEY variables!"
+ raise "Missing HOMEBREW_BINTRAY_USER or HOMEBREW_BINTRAY_KEY variables!"
end
ARGV.formulae.each do |f|
diff --git a/Library/Homebrew/dev-cmd/pull.rb b/Library/Homebrew/dev-cmd/pull.rb
index 36c9ac27c9f4782bf2b55cc6135f5f40874961c8..0616b990ba58824bb68a1e7e27a952dccc9162f9 100644
--- a/Library/Homebrew/dev-cmd/pull.rb
+++ b/Library/Homebrew/dev-cmd/pull.rb
@@ -263,7 +263,7 @@ module Homebrew
end
published = []
- bintray_creds = { user: ENV["BINTRAY_USER"], key: ENV["BINTRAY_KEY"] }
+ bintray_creds = { user: ENV["HOMEBREW_BINTRAY_USER"], key: ENV["HOMEBREW_BINTRAY_KEY"] }
if bintray_creds[:user] && bintray_creds[:key]
changed_formulae_names.each do |name|
f = Formula[name]
@@ -272,7 +272,7 @@ module Homebrew
published << f.full_name
end
else
- opoo "You must set BINTRAY_USER and BINTRAY_KEY to add or update bottles on Bintray!"
+ opoo "You must set HOMEBREW_BINTRAY_USER and HOMEBREW_BINTRAY_KEY to add or update bottles on Bintray!"
end
published
end
diff --git a/Library/Homebrew/diagnostic.rb b/Library/Homebrew/diagnostic.rb
index 3002a0a6790efbe914b670022dbcd6050b3f1b51..8cca1ba91e5297c40dd5e8a19feab028b18815b1 100644
--- a/Library/Homebrew/diagnostic.rb
+++ b/Library/Homebrew/diagnostic.rb
@@ -439,7 +439,7 @@ module Homebrew
message = ""
- paths.each do |p|
+ paths(ENV["HOMEBREW_PATH"]).each do |p|
case p
when "/usr/bin"
unless $seen_prefix_bin
@@ -609,7 +609,7 @@ module Homebrew
/Applications/Server.app/Contents/ServerRoot/usr/sbin
].map(&:downcase)
- paths.each do |p|
+ paths(ENV["HOMEBREW_PATH"]).each do |p|
next if whitelist.include?(p.downcase) || !File.directory?(p)
realpath = Pathname.new(p).realpath.to_s
diff --git a/Library/Homebrew/extend/ENV.rb b/Library/Homebrew/extend/ENV.rb
index 729598e2817ae2f7f0bd0f50d3e2223fcc7133fa..283e90b696bf1e570ee0e8010a53265a23ee1232 100644
--- a/Library/Homebrew/extend/ENV.rb
+++ b/Library/Homebrew/extend/ENV.rb
@@ -26,6 +26,13 @@ module EnvActivation
ensure
replace(old_env)
end
+
+ def clear_sensitive_environment!
+ ENV.keys.each do |key|
+ next unless /(cookie|key|token)/i =~ key
+ ENV.delete key
+ end
+ end
end
ENV.extend(EnvActivation)
diff --git a/Library/Homebrew/formula.rb b/Library/Homebrew/formula.rb
index aec004b0b7ea76652e82257c8e105f466789e682..b32775c7860dbfc82d1c8d4100aac6ad697994df 100644
--- a/Library/Homebrew/formula.rb
+++ b/Library/Homebrew/formula.rb
@@ -13,6 +13,7 @@ require "pkg_version"
require "tap"
require "keg"
require "migrator"
+require "extend/ENV"
# A formula provides instructions and metadata for Homebrew to install a piece
# of software. Every Homebrew formula is a {Formula}.
@@ -1013,10 +1014,17 @@ class Formula
@prefix_returns_versioned_prefix = true
build = self.build
self.build = Tab.for_formula(self)
+
old_tmpdir = ENV["TMPDIR"]
old_temp = ENV["TEMP"]
old_tmp = ENV["TMP"]
+ old_path = ENV["HOMEBREW_PATH"]
+
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
+ ENV["HOMEBREW_PATH"] = nil
+
+ ENV.clear_sensitive_environment!
+
with_logging("post_install") do
post_install
end
@@ -1025,6 +1033,7 @@ class Formula
ENV["TMPDIR"] = old_tmpdir
ENV["TEMP"] = old_temp
ENV["TMP"] = old_tmp
+ ENV["HOMEBREW_PATH"] = old_path
@prefix_returns_versioned_prefix = false
end
@@ -1664,9 +1673,15 @@ class Formula
old_temp = ENV["TEMP"]
old_tmp = ENV["TMP"]
old_term = ENV["TERM"]
+ old_path = ENV["HOMEBREW_PATH"]
+
ENV["CURL_HOME"] = old_curl_home || old_home
ENV["TMPDIR"] = ENV["TEMP"] = ENV["TMP"] = HOMEBREW_TEMP
ENV["TERM"] = "dumb"
+ ENV["HOMEBREW_PATH"] = nil
+
+ ENV.clear_sensitive_environment!
+
mktemp("#{name}-test") do |staging|
staging.retain! if ARGV.keep_tmp?
@testpath = staging.tmpdir
@@ -1689,6 +1704,7 @@ class Formula
ENV["TEMP"] = old_temp
ENV["TMP"] = old_tmp
ENV["TERM"] = old_term
+ ENV["HOMEBREW_PATH"] = old_path
@prefix_returns_versioned_prefix = false
end
@@ -1925,17 +1941,24 @@ class Formula
mkdir_p env_home
old_home = ENV["HOME"]
- ENV["HOME"] = env_home
old_curl_home = ENV["CURL_HOME"]
+ old_path = ENV["HOMEBREW_PATH"]
+
+ ENV["HOME"] = env_home
ENV["CURL_HOME"] = old_curl_home || old_home
+ ENV["HOMEBREW_PATH"] = nil
+
setup_home env_home
+ ENV.clear_sensitive_environment!
+
begin
yield staging
ensure
@buildpath = nil
ENV["HOME"] = old_home
ENV["CURL_HOME"] = old_curl_home
+ ENV["HOMEBREW_PATH"] = old_path
end
end
end
diff --git a/Library/Homebrew/global.rb b/Library/Homebrew/global.rb
index 391f5b0121fda46d2583ecb31dc379f0b497d006..8726fa1a40c1a559041ffec1bd0d65fc722bb83a 100644
--- a/Library/Homebrew/global.rb
+++ b/Library/Homebrew/global.rb
@@ -53,7 +53,7 @@ HOMEBREW_PULL_OR_COMMIT_URL_REGEX = %r[https://github\.com/([\w-]+)/([\w-]+)?/(?
require "compat" unless ARGV.include?("--no-compat") || ENV["HOMEBREW_NO_COMPAT"]
-ORIGINAL_PATHS = ENV["PATH"].split(File::PATH_SEPARATOR).map do |p|
+ORIGINAL_PATHS = ENV["HOMEBREW_PATH"].split(File::PATH_SEPARATOR).map do |p|
begin
Pathname.new(p).expand_path
rescue
diff --git a/Library/Homebrew/test/diagnostic_spec.rb b/Library/Homebrew/test/diagnostic_spec.rb
index c2bcdb9c0315355afe84d847617520e772cee276..6e2c092683222ca4fac91e950a208c86567983f5 100644
--- a/Library/Homebrew/test/diagnostic_spec.rb
+++ b/Library/Homebrew/test/diagnostic_spec.rb
@@ -122,8 +122,9 @@ describe Homebrew::Diagnostic::Checks do
specify "#check_user_path_3" do
begin
sbin = HOMEBREW_PREFIX/"sbin"
- ENV["PATH"] = "#{HOMEBREW_PREFIX}/bin#{File::PATH_SEPARATOR}" +
- ENV["PATH"].gsub(/(?:^|#{Regexp.escape(File::PATH_SEPARATOR)})#{Regexp.escape(sbin)}/, "")
+ ENV["HOMEBREW_PATH"] =
+ "#{HOMEBREW_PREFIX}/bin#{File::PATH_SEPARATOR}" +
+ ENV["HOMEBREW_PATH"].gsub(/(?:^|#{Regexp.escape(File::PATH_SEPARATOR)})#{Regexp.escape(sbin)}/, "")
(sbin/"something").mkpath
expect(subject.check_user_path_1).to be nil
@@ -149,7 +150,9 @@ describe Homebrew::Diagnostic::Checks do
file = "#{path}/foo-config"
FileUtils.touch file
FileUtils.chmod 0755, file
- ENV["PATH"] = "#{path}#{File::PATH_SEPARATOR}#{ENV["PATH"]}"
+ ENV["HOMEBREW_PATH"] =
+ ENV["PATH"] =
+ "#{path}#{File::PATH_SEPARATOR}#{ENV["PATH"]}"
expect(subject.check_for_config_scripts)
.to match('"config" scripts exist')
diff --git a/Library/Homebrew/test/support/helper/spec/shared_context/integration_test.rb b/Library/Homebrew/test/support/helper/spec/shared_context/integration_test.rb
index b037068d2b092c999394a78b3cbe039f2b9dd039..ae1854f58993fa52b4816aeeedc6a83c66fd77ac 100644
--- a/Library/Homebrew/test/support/helper/spec/shared_context/integration_test.rb
+++ b/Library/Homebrew/test/support/helper/spec/shared_context/integration_test.rb
@@ -72,6 +72,7 @@ RSpec.shared_context "integration test" do
env.merge!(
"PATH" => path,
+ "HOMEBREW_PATH" => path,
"HOMEBREW_BREW_FILE" => HOMEBREW_PREFIX/"bin/brew",
"HOMEBREW_INTEGRATION_TEST" => command_id_from_args(args),
"HOMEBREW_TEST_TMPDIR" => TEST_TMPDIR,
diff --git a/Library/Homebrew/utils.rb b/Library/Homebrew/utils.rb
index f37b777eedf9d9e5c0e6ce0c7ab3d2c5768a3d80..0ecc06d2a34516dabec57b424585a9f2cac90cd2 100644
--- a/Library/Homebrew/utils.rb
+++ b/Library/Homebrew/utils.rb
@@ -406,8 +406,8 @@ def nostdout
end
end
-def paths
- @paths ||= ENV["PATH"].split(File::PATH_SEPARATOR).collect do |p|
+def paths(env_path = ENV["PATH"])
+ @paths ||= env_path.split(File::PATH_SEPARATOR).collect do |p|
begin
File.expand_path(p).chomp("/")
rescue ArgumentError