Pinning homebrew/core without 'brew doctor' warnings

(Matt W) #1

I am looking for a “proper” way to pin the homebrew/core git repo to a specific sha1 so that our team members all have exactly the same versions of applications installed when we do things like brew install gnupg or brew update foobar.

I know I can do a git checkout <sha1> - but then brew doctor complains to us. Is there another way to do it? (For automation purposes, it’s important to us that brew doctor always returns a 0 code … so even a single warning from it isn’t ok unfortunately…)

I am aware of Installing specific (released or older) version of Brew - though that thread is 2 years old now, so I am curious if there has been any re-thinking of this (@MikeMcQuaid, I’m looking at you).

(Mike McQuaid) #2

You would need to create your own external tap for every formula you want to use. We do not support pinning homebrew/core to random revisions. brew bundle may be useful in providing some consistency.

(Matt W) #3

brew bundle is quite useful - we’re definitely using it. Can we fork homebrew/core and reconfigure homebrew to use our forked version?

(Sean Molenaar) #4

You could clone core as a new tap. That does leave you with a lot of software to keep track of though.

(Mike McQuaid) #5

You can do that but brew doctor will warn. You can and should ignore this, though, and read the message it tells you.

(Matt W) #6

I understand that a lot of the brew doctor warnings are critical and need to be fixed … but some can be pretty safely ignored if we know what we’re doing. For example, in this case where we want to pin the homebrew/core repo to a SHA1.

Would you reconsider allowing people to whitelist certain warnings? Most linters/checkers support this behavior. Without this, it’s impossible for us to automate remediation or blocking on our developers’ systems based on the exit code of the brew doctor command.

(Mike McQuaid) #7

No. See the message at the top of brew doctor when it prints warnings.

In short, you’re wanting to use Homebrew in a way that’s explicitly unsupported (because it won’t give you security updates) but want brew doctor (which explicitly says it is a tool for use by Homebrew’s maintainers) to say everything is fine. Hopefully you can see what’s contradictory about that.