Pinning homebrew/core without 'brew doctor' warnings

I am looking for a “proper” way to pin the homebrew/core git repo to a specific sha1 so that our team-members all have exactly the same versions of applications installed when we do things like brew install gnupg or brew update foobar.

I know I can do a git checkout <sha1> - but then brew doctor complains to us. Is there another way to do it? (For automation purposes, it’s important to us that brew doctor always returns a 0 code … so even a single warning from it isn’t ok unfortunately…)

I am aware of Installing specific (released or older) version of Brew - though that thread is 2 years old now, so I am curious if there has been any re-thinking of this (@MikeMcQuaid, I’m looking at you).

You would need to create your own external tap for every formula you want to use. We do not support pinning homebrew/core to random revisions. brew bundle may be useful in providing some consistency.

brew bundle is quite useful - we’re definitely using it. Can we fork homebrew/core and reconfigure homebrew to use our forked version?

You could clone core as a new tap. That does leave you with a lot of software to keep track of though.

You can do that but brew doctor will warn. You can and should ignore this, though, and read the message it tells you.

I understand that a lot of the brew doctor warnings are critical and need to be fixed … but some can be pretty safely ignored if we know what we’re doing. For example, in this case where we want to pin the homebrew/core repo to a SHA1.

Would you reconsider allowing people to whitelist certain warnings? Most linters/checkers support this behavior. Without this, it’s impossible for us to automate remediation or blocking on our developers’ systems based on the exit code of the brew doctor command. :confused:

No. See the message at the top of brew doctor when it prints warnings.

In short, you’re wanting to use Homebrew in a way that’s explicitly unsupported (because it won’t give you security updates) but want brew doctor (which explicitly says it is a tool for use by Homebrew’s maintainers) to say everything is fine. Hopefully you can see what’s contradictory about that.

It seems like you’d benefit most directly from creating your own version of brew doctor and supplying it as an external command.

I myself have made a handful of these, for simple purposes like e.g. prettyprinting INSTALL_RECEIPT.json or other trivial tasks. The Homebrew internals, as you likely already know, are pretty well documented – a good starting point, for the uninitiated, is the Formula Cookbook.

I’ve never written an external command on par with brew doctor or any of the other commands that ship with Homebrew; first off, you’ll want to change the name (brew physician? brew therapist?). After that, it’s your oyster.

Good luck @diranged !

Oh and also, relatedly, this post on the inner workings of brew doctor may be of use to anyone endeavoring to create their own doctor-ish command.
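
One way to build the doctor-like external command suggested in the thread, as an added example that is not part of the thread or Homebrew's own code. It relies on `brew doctor --list-checks` and on `brew doctor` accepting check names as arguments; the command name `brew-physician`, the variable `HOMEBREW_PHYSICIAN_SKIP` and the function `select_checks` are hypothetical, and `brew` is assumed to be on PATH.

```shell
#!/bin/bash
# brew-physician: hypothetical external command (added example, not Homebrew code).
# Runs every `brew doctor` check except those named in HOMEBREW_PHYSICIAN_SKIP.
# Skip names must come from your own `brew doctor --list-checks` output.

# select_checks ALL SKIP: ALL is newline-separated check names, SKIP is
# space-separated names to leave out. Prints the remaining names, one per line.
# Returns 2 if a SKIP entry is not in ALL, so a stale or mistyped entry is caught.
select_checks() {
  local all="$1" skip="$2" name
  for name in $skip; do
    if ! printf '%s\n' "$all" | grep -qxF -- "$name"; then
      echo "unknown check in skip list: $name" >&2
      return 2
    fi
  done
  printf '%s\n' "$all" | while IFS= read -r name; do
    [ -n "$name" ] || continue
    case " $skip " in
      *" $name "*) ;;                 # explicitly skipped
      *) printf '%s\n' "$name" ;;     # still enforced
    esac
  done
}

main() {
  local all checks
  all="$(brew doctor --list-checks)" || return 1
  checks="$(select_checks "$all" "${HOMEBREW_PHYSICIAN_SKIP:-}")" || return 2
  # An empty argument list would make `brew doctor` run everything; refuse instead.
  [ -n "$checks" ] || { echo "skip list removes every check" >&2; return 2; }
  # Word splitting is intended here: one argument per check name.
  brew doctor $checks
}

# Only run when installed on PATH as `brew-physician` (invoked as `brew physician`).
if [ "${0##*/}" = "brew-physician" ]; then
  main "$@"
fi
```

The exit code is that of `brew doctor` for the checks that remain, so automation can still block on it. Skipping a check only silences its warning; as noted in the thread, a pinned homebrew/core still receives no security updates.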