Github Brew

  

Homebrew is a member of the Software Freedom Conservancy. Homebrew is generously supported by Substack, GitHub, Randy Reddig, embark-studios, Realist.ai and many other users and organisations via GitHub Sponsors.

Github breweries
  • Submissions from github.com/brew-brew Hacker News.
  • GitHub Gist: instantly share code, notes, and snippets.

Instructions for a supported install of Homebrew are on the homepage.

This script installs Homebrew to its preferred prefix (/usr/localfor macOS Intel, /opt/homebrew for Apple Silicon) so thatyou don’t need sudo when youbrew install. It is a careful script; it can be run even if you have stuffinstalled in /usr/local already. It tells you exactly what it will do beforeit does it too. You have to confirm everything it will do before it starts.

macOS Requirements

  • A 64-bit Intel CPU or Apple Silicon CPU 1
  • macOS Mojave (10.14) (or higher) 2
  • Command Line Tools (CLT) for Xcode: xcode-select --install,developer.apple.com/downloads orXcode3
  • A Bourne-compatible shell for installation (e.g. bash or zsh) 4

Git Remote Mirroring

You can set HOMEBREW_BREW_GIT_REMOTE and/or HOMEBREW_CORE_GIT_REMOTE in your shell environment to use geolocalized Git mirrors to speed up Homebrew’s installation with this script and, after installation, brew update.

The default Git remote will be used if the corresponding environment variable is unset.

Alternative Installs

Linux or Windows 10 Subsystem for Linux

Check out the Homebrew on Linux installation documentation.

Untar anywhere

Just extract (or git clone) Homebrew wherever you want. Just avoid:

  • Directories with names that contain spaces. Homebrew itself can handle spaces, but many build scripts cannot.
  • /tmp subdirectories because Homebrew gets upset.
  • /sw and /opt/local because build scripts get confused when Homebrew is there instead of Fink or MacPorts, respectively.

However do yourself a favour and install to /usr/local on macOS Intel, /opt/homebrew on macOS ARM,and /home/linuxbrew/.linuxbrew on Linux. Some things maynot build when installed elsewhere. One of the reasons Homebrew justworks relative to the competition is because we recommend installinghere. Pick another prefix at your peril!

Github Brewpiless

Multiple installations

Create a Homebrew installation wherever you extract the tarball. Whichever brew command is called is where the packages will be installed. You can use this as you see fit, e.g. a system set of libs in /usr/local and tweaked formulae for development in ~/homebrew.

Uninstallation

Uninstallation is documented in the FAQ.

Brew

1 For 32-bit or PPC support seeTigerbrew.

2 10.14 or higher is recommended. 10.9–10.13 aresupported on a best-effort basis. For 10.4-10.6 seeTigerbrew.

Homebrew

3 Most formulae require a compiler. A handfulrequire a full Xcode installation. You can install Xcode, the CLT, or both;Homebrew supports all three configurations. Downloading Xcode may require anApple Developer account on older versions of Mac OS X. Sign up for freehere.

4 The one-liner installation method found onbrew.sh requires a Bourne-compatible shell (e.g. bash orzsh). Notably, fish, tcsh and csh will not work.

On 18th April 2021, a security researcher identified a vulnerability in our review-cask-pr GitHub Action used on the homebrew-cask and all homebrew-cask-* taps (non-default repositories) in the Homebrew organization and reported it on our HackerOne.

How to clear laptop ram. Whenever an affected cask tap received a pull request to change only the version of a cask, the review-cask-pr GitHub Action would automatically review and approve the pull request. The approval would then trigger the automerge GitHub Action which would merge the approved pull request. A proof-of-concept (PoC) pull request demonstrating the vulnerability was submitted with our permission. We subsequently reverted the PoC pull request, disabled and removed the automerge GitHub Action and disabled and removed the review-cask-pr GitHub Action from all vulnerable repositories.

Github Brewery

What was impacted

Homebrew Github

The discovered vulnerability would allow an attacker to inject arbitrary code into a cask and have it be merged automatically. This is due to a flaw in the git_diff dependency of the review-cask-pr GitHub Action, which is used to parse a pull request’s diff for inspection. Due to this flaw, the parser can be spoofed into completely ignoring the offending lines, resulting in successfully approving a malicious pull request.

Github Brewing

A single cask was compromised with a harmless change for the duration of the demonstration pull request until its reversal. No action is required by users due to this incident.

Github Brew

What we’re doing about it

  • The vulnerable review-cask-pr GitHub Action has been disabled and removed from all repositories.
  • The automerge GitHub Action has been disabled and removed from all repositories (in favour of the GitHub built-in functionality that did not exist when this action was created).
  • We have removed the ability for our bots to commit to homebrew/cask* repositories.
  • All homebrew/cask* pull requests will require a manual review and approval by a maintainer.
  • We are improving documentation to help onboard new homebrew/cask maintainers and trainingexisting homebrew/core maintainers to help with homebrew/cask.

Brew Mac

We did, do and will continue to take the security of the project and our users very seriously. We try our best to behave as a for-profit company would do in terms of timely response to security issues.

In order to ensure and improve Homebrew’s security, please consider contributing your code and code reviews to our GitHub projects.

Thanks for using Homebrew!