티스토리 수익 글 보기
HOMEBREW_DOWNLOAD_CONCURRENCY, preliminary macOS 26 (Tahoe) support and a built-in brew mcp-server.
Major changes and deprecations since 4.5.0:
HOMEBREW_DOWNLOAD_CONCURRENCYis a new environment variable that allows opt-in to Homebrew’s new download concurrency support. We recommend usingHOMEBREW_DOWNLOAD_CONCURRENCY=autoas a starting point. This will become the default behaviour in a later version of Homebrew (with an opt-out).- Homebrew provides preliminary macOS 26 (Tahoe) support. It will be officially supported after Apple’s public release.
brew mcp-serveris an MCP server for Homebrew and is available in Homebrew by default.- Miscellaneous additional code deprecations, disables and removals scheduled for Homebrew 4.6.
Other changes since 4.5.0 I’d like to highlight are the following:
- All repositories in the Homebrew organisation, including e.g. Homebrew/brew,
Homebrew/homebrew-cask and
Homebrew/homebrew-core, now use
mainas their default branch. - All casks submitted in Homebrew/homebrew-cask must be signed. We have not yet completed the process of disabling/removing those that aren’t but this will happen at some point in the future.
- Homebrew prohibits non-ASCII characters in URLs.
- Homebrew now allows users in Tier 2/3 to file some types of issues.
- Homebrew’s
.pkgand official/shell installers will now add Homebrew to the defaultPATHif possible. - Third-party Homebrew GitHub Packages mirrors that do not require authentication now work as expected.
HOMEBREW_FORBID_CASKSis a new environment variable that forbids all casks.HOMEBREW_VERIFY_ATTESTATIONSmust be explicitly set again, even forHOMEBREW_DEVELOPERs.brewno longer copies across zeroed environment-variable values.brewresets thesudotimestamp later so it’s not done by e.g.brew --prefixorbrew shellenvbut remains done by e.g.brew install.brew --debugoutput is a bit quieter by default.brew bundleno longer uses thebrew tap --force-auto-updateoption as it was removed.brew bundlebetter handles cask renames forbrew bundleandbrew bundle dump.brew bundlerefers to “formulae” rather than “brews” for consistency with other parts of Homebrew.brew bundle addwill create aBrewfileif it doesn’t exist.brew cleanupdoesn’t warn when loading a renamed cask.brew installoutputs a better error message when there are tap conflicts.brew install --askwill also prompt before installing casks.brew uninstallwon’t suggest deleting configuration files that belong to other formulae.brew updatedisplays descriptions for new formulae and casks.brew updatewill migrate taps frommastertomainwhen necessary.brew pinreturns a non-zero exit code if pinning formulae that are not installed.brew shandbrew bundle shuse more of the user’s configuration but provide a custom prompt.brew auditensures that official formula and cask names don’t conflict.brew depsoutputs a warning when runtime dependencies are not used (so results may be inconsistent or confusing).env_script_all_filesin formulae won’t overwrite existing files.
Finally:
- Homebrew is now on Bluesky.
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>brew bundle/services, preliminary Linux support for casks, official Support Tiers, Tier 2 ARM64 Linux support, Ruby 3.4 and several deprecations.
Major changes and deprecations since 4.4.0:
brew bundle and brew services
- The documentation for Homebrew Bundle,
brew bundleandBrewfilehas been hugely improved. It also documents the many newbrew bundlefeatures and changes in this release. brew bundleandbrew servicesare built-in commands instead of being provided by an external tap.brew bundle (exec|env|sh)no longer filter the user’s environment (like otherbrewcommands do)brew servicessupports passing multiple formulaeBrewfiles have aversion_file:DSL that allowsbrew bundleto write to e.g. a.ruby-versionfile based on the installed versionbrew bundleno longer includes${HOMEBREW_PREFIX}/binin the$PATHby default. You can do this in yourBrewfilewithENV["PATH"] = "#{HOMEBREW_PREFIX}/bin:#{ENV["PATH"]}".
Linux casks
- Some Homebrew casks are supported on Linux. Right now these are mostly fonts and those with Linux binaries. Some casks will never be available on Linux, such as those for macOS-specific software. The Homebrew Linux fonts cask tap has been deprecated as a result.
brew bump-cask-prallows bumping multi-platform casks on Linux
Support Tiers
- Homebrew has three documented Support Tiers plus Unsupported. Tier 1, previously called “supported”, is where you’ll get bottles/binary packages and we have CI coverage.
brew doctorlinks to Support Tiersbrew doctorchecks for OpenCore Legacy Patcher- Clarify that the OpenCore Legacy Patcher is Tier 2 or 3
ARM64 Linux
- Homebrew provides a Portable Ruby for ARM64 Linux. This is the first step towards hopefully being able to provide Tier 1 support for ARM64 Linux in the future.
- Homebrew refers to ARM64 Linux, not AArch64 Linux (for consistency with macOS)
- Homebrew publishes some ARM64 Docker images
Ruby
- Homebrew provides Portable Ruby 3.4.3. It also requires Ruby >=3.4 to run.
- Homebrew has enabled Bootsnap by default. This should make repeated invocations of
brewmuch faster.
Deprecations
Other changes since 4.4.0 I’d like to highlight are the following:
brew install --askandHOMEBREW_ASKallow viewing the packages, dependencies and sizes in a prompt before installationbrew install --skip-linkallows installation without runningbrew linkbrew update-if-neededprovides a much faster possible replacement forbrew updatethat does nothing if no auto-update is requiredbrew install --as-dependencyallows installation of formulae as dependencies rather than “on request”brewallows being run byrootinpodmancontainersHOMEBREW_TEMPdefaults to/var/tmpon Linux, assuming it exists, is readable and is writablebrew install --caskproduces fewer GitHub Actions warnings- Homebrew supports GCC 15
brew pyenv-synccreates major version symlinks to fixpyenvsupport- The Homebrew macOS
.pkginstaller will upgrade existing installations HOMEBREW_UPGRADE_GREEDY_CASKSallows specifying a list of casks that should always be upgraded with--greedy- Formulae can include
PowerShell (
pwsh) orclapcompletions. @@HOMEBREW_PREFIX@@can be replaced with the value ofHOMEBREW_PREFIXin external patchesbrew aliasandbrew unaliascommands are part of Homebrew/brew rather than an external tapbrew editandbrew bundle editlook for VSCode variants, e.g. Cursorbrew bump*can bump synced formulae togetherbrew *env-synchas aHOMEBREW_ENV_SYNC_STRICTmode for stricter version handling- In formulae and casks,
deprecate!/disable!support specifying replacement software and can specify replacement type brew bump-*only warns, rather than errors, on duplicate PRs for non-official tapsbrew verifyallows verifying package attributionsbrew auditflagspkg-configdependencies in core tap. We have fully moved to usingpkgconfin Homebrew/homebrew-core instead.- Formulae allow using Sequoia’s
jqinstead of Homebrew’s brew configprints the current Homebrew/brew branch- Homebrew’s Tabs/
INSTALL_RECEIPT.jsoninclude thebottle_rebuildinruntime_dependencies - Homebrew will use macOS’s new
lockfwhere available - Homebrew’s CI is no longer running
brew testson macOS 13. It was too slow and we’re dropping macOS 13 support later this year.
Finally:
- Homebrew has switched to SSH-based Git commit signing
- Homebrew has provided FAQs about their relationship with Workbrew
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>As part of this change, we will be rotating our @BrewTestBot’s key.
This rotation should not affect most users, but you may notice
it if you currently manually verify git commits from
Homebrew/brew, Homebrew/homebrew-core, or similar.
Once all repositories have been transitioned, we will revoke the old PGP key to prevent unintended future use:
- Main key:
3C76C3F1E573FA9E - Signing subkey:
82D7D104050B0F0F
The new SSH signing key has the following public half:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0QzQJ6gl6Yxru0QrSaDRNatiHajcKxDu9lxQrFl8Nw
Users can also discover this signing key programmatically through GitHub’s REST API:
$ gh api /users/BrewTestBot/ssh_signing_keys
[
{
"id": 475371,
"key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0QzQJ6gl6Yxru0QrSaDRNatiHajcKxDu9lxQrFl8Nw",
"title": "BREWTESTBOT_SSH_SIGNING_KEY",
"created_at": "2025-02-03T17:50:27.377+01:00"
}
]
We understand that the community will, rightly, have questions. You’ll find some answers below. This relationship is mutually beneficial: Workbrew employees work on Homebrew during working hours, and Workbrew sponsors Homebrew on GitHub Sponsors. Workbrew’s founders care deeply about the success and independence of Homebrew.
Homebrew itself is and will always remain open source and free (as in speech and beer 🍺).
Homebrew and Workbrew FAQs
How are Homebrew and Workbrew related?
Homebrew is an open source project and part of the non-profit Open Source Collective run by unpaid volunteers (bar a small $300/month stipend for opted-in active maintainers).
Workbrew is a product (with paid tiers) and company run by founders and employees.
At the time of writing, some of Homebrew and Workbrew’s leadership overlap (@MikeMcQuaid, @mozzadrella) and Workbrew employs some Homebrew maintainers (@Bo98, @carlocab).
Is Workbrew in control of Homebrew?
No. Homebrew has an independent governance structure that can only be changed through a supermajority of votes cast. Homebrew’s Project Leadership Committee (PLC) restricts any employer (including Workbrew) from holding more than 2 seats on the PLC.
Additionally, on the code side, Homebrew is BSD-2 licensed with no CLA and >10,000 contributors.
In practice, this means that neither Homebrew or Workbrew could relicense Homebrew without >10,000 people agreeing to it (or their code being rewritten) which is essentially impossible.
Is Workbrew going to make us pay for Homebrew?
No. Only Homebrew could decide to do this and we have no plans to do so. Workbrew includes Homebrew and charges money for certain Workbrew plans – as permitted by Homebrew’s license – but cannot ever make Homebrew not open source.
Did Homebrew know this was coming?
Yes. Workbrew kept Homebrew’s leadership, maintainers and membership in the loop from early in the company’s conception. We’re very grateful for this transparency.
]]>INSTALL_RECEIPT.json files for casks, macOS Monterey (12) deprecation and various other deprecations.
Major changes and deprecations since 4.3.0:
- macOS Sequoia (15) is officially supported by Homebrew.
- Newly installed casks have install receipts (
INSTALL_RECEIPT.jsonfiles). - macOS Monterey (12) is no longer supported by Homebrew and no longer a CI target for Homebrew.
- External commands in the old, non-AbstractCommand style are deprecated and should be migrated to AbstractCommand.
- Disabled packages output the date when they will be disabled.
url doblocks are deprecated for casks.- An Ubuntu 24.04 Docker image was added.
- The Ubuntu 18.04 Homebrew Docker image is deprecated.
brew tabis a new command for editing tab information.- Setting Homebrew’s boolean environment variables to falsey values is deprecated.
- Homebrew no longer supports building with GCC 4.9, 5 and 6.
- The usual cycle of deprecations, disables and code removals.
Other changes since 4.3.0 I’d like to highlight are the following:
- Homebrew uses Ruby 3.3.5.
brew upgrade --cask --quietis quieter.brew outdatedassumes the--greedyflag was passed whenHOMEBREW_UPGRADE_GREEDYis set.brew install --cask --adoptonly cares if the cask doesn’t auto-update.brew search --descandbrew desc --searchuse the JSON API’s data for description searches.brew autoremovedoes not remove formulae that were built from source.- Homebrew will rewrite
nodeshebangs on installation (mirroringpythonandperl). brew installwill prioritise homebrew-cask casks over non-Homebrew organisation formulae.brew infowill show size information for bottles.brew listhas new--poured-from-bottleand--built-from-sourceflags.brew shellenvwill setXDG_DATA_DIRSon Linux.brew typechecksupports using Sorbet for typechecking in taps.HOMEBREW_NO_BUILD_ERROR_ISSUESis a new environment variable that prevents Homebrew from searching for relevant GitHub issues on a build error.brew searchallows searching with@and+characters.- A
homebrew/brew:masterDocker image was added.
Finally:
- Homebrew’s 501c3 OpenCollective is empty. We are only using our 501c6 OpenCollective.
- In case you missed it, Homebrew had a 2023 security audit that was released in July.
- Homebrew had a Summer 2024 Hackathon in July which focused on implementing the results of the security audit and improving performance of many parts of Homebrew.
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>You can read Trail of Bits’ blog post on the audit here and find the full public report here.
Homebrew’s maintainers and Project Leadership Commitee would like to thank Open Technology Fund and Trail of Bits for sponsoring and running this engagement. Our partnership directly improves the security of Homebrew and open source software in general.
Scope: Homebrew/brew, Homebrew/actions, Homebrew/formulae.brew.sh, Homebrew/homebrew-test-bot.
Findings by severity:
- High: 0
- Medium: 14
- Low: 2
- Informational: 7
- Undetermined: 2
Mitigation & acknowledgement:
- Path traversal during file caching
- Status: Fixed
- Sandbox escape via string injection
- Status: Fixed
- Allow default rule in sandbox configuration is overly permissive
- Status: Fixed
- Special characters are allowed in package names and versions
- Status: Acknowledged
- Use of weak cryptographic digest in Formulary namespaces
- Status: Fixed
- Extraction is not sandboxed
- Status: Acknowledged
- Use of ldd on untrusted inputs
- Status: Fixed
- Formulas allow for external resources to be downloaded during the install step
- Status: In Progress
- Use of Marshal
- Status: Fixed
- Lack of sandboxing on Linux
- Status: Acknowledged
- Sandbox escape through domain socket pivot on macOS
- Status: In Progress
- Formula privilege escalation through sudo
- Status: Fixed
- Formula loading through SFTP, SCP, and other protocols
- Status: Fixed
- Sandbox allows changing permissions for important directories
- Status: Fixed
- Homebrew supports only end-of-life versions of Ruby
- Status: Fixed
- Path traversal during bottling
- Status: Fixed
- FileUtils.rm_rf does not check if files are deleted
- Status: In Progress
- Use of pull_request_target in GitHub Actions workflows
- Use of unpinned third-party workflow
- Status: Fixed across the codebase via multiple PR’s.
- Unpinned dependencies in formulae.brew.sh
- Status: Fixed
- Use of RSA for JSON API signing
- Status: Acknowledged. Ed25519 was not an option when this was introduced. The next key reroll will use Ed25519.
- Bottles beginning “-“ can lead to unintended options getting passed to rm
- Status: Fixed
- Code injection through inputs in multiple actions
- Status: Fixed across the codebase via multiple PR’s.
- Use of PGP for commit signing
- Status: Acknowledged. Plans to remove the bot account using PGP have been established.
- Unnecessary domain separation between signing key and key ID
- Status: Acknowledged. Will be resolved with the next key reroll.
Background
Since 2019, Homebrew’s maintainers meet annually for the “Annual General Meeting” in Brussels, Belgium. At AGM’s inception, Brussels was deemed a convenient location for the predominantly European team to coincide with the free FOSDEM conference. Since then, the global distribution of the core team has expanded.
At the same time, maintenance issues related to performance (the not-so-glamorous tasks of running a mature project that the whole world relies upon) and the remaining pieces of the Trail of Bits Security Audit needed to be completed.
The Project Leadership Team decided to undertake an experiment: our first North American in-person event, thematically focused and with an application process.
Of the 16 applications, 12 participants were accepted.
Event design + impact
On the first day of the three-day event, Project Leader Mike McQuaid gave a presentation about how to triage and measure the highest-impact performance-related issues:
From there, participants tackled high-priority issues, raising pull requests in the dedicated Slack channel to ensure speedy reviews.
Participants worked synchronously and co-located over three days, with standup around 9:30am and departing at 5:00pm. Dinners were optional but provided opportunities for additional discussion:
Impact
Participants made significant progress in the following areas:
- Security Issues: Several contributors focused on fixing security vulnerabilities highlighted in the Trail of Bits Homebrew audits, such as sandboxing improvements, GitHub Actions security, and privilege escalation prevention.
- Performance Enhancements: Efforts were made to speed up operations like concurrent downloads and repository handling, resulting in significant gains.
Outcomes
In addition to the direct impact participants had by shipping code, there’s some evidence that this in-person gathering may have increased the capacity of maintainers in areas of security and performance, which will ultimately benefit the project in the future:
1 = least likely, 5 = most likely
While the event seemed successful to us as organizers, we also wanted to hear from the participants themselves as part of our evaluation.
Event evaluation
Overall, the hackathon received positive feedback:
- Organizational Success: Participants praised the event’s organization, particularly highlighting Vanessa’s efforts and the conducive environment at IndyHall.
- Productive Collaboration: The in-person collaboration facilitated rapid progress and effective problem-solving, which participants found highly beneficial. Direct interaction enabled efficient idea exchange and immediate problem resolution. Participants appreciated the social interactions and the chance to work closely with peers they usually communicate with asynchronously.
Participants themselves assessed the event as successful:
1 = least successful, 5 = most successful
One of the unexpected effects of the rapid progress was a flurry of notifications for the maintainers who were not attending the event:
Apologies, Eric.
First-person accounts
In their own words, participants identified key benefits:
What in particular made the Hackathon successful or not successful?
- A fun experience overall, I got to work on aspects of Homebrew that I had never dealt with before and met some wonderful people!
- The efficient exchange of ideas made it very successful in my opinion. We have probably never had a time when we were able to fix this many issues and make this many improvements to Homebrew within such a short period.
- There were a lot – we fixed many problems, had various foods, and had a great time together. If I had to choose one, it would still be about the in-person nature of the event. It not only made it much easier to share ideas, but also strengthened the bond between our maintainers.
- The list of issues from the audit helped to outline the work to be done.
- The organization – Vanessa did an awesome job – thank you! The security stuff was awesome to get some issues burned down. Philly’s a great city. IndyHall is a great venue. And it was really nice to just be!
- Two fixed themes for the hackathon kept people focused, IMO
- The availability of a list of issues to select from and work together with people
- I feel like a lot was done, but with such vague goals it’s hard to tell if all were met.
- Full focus, no distractions.
- I feel that a lot was accomplished in a short amount of time. It was clear everyone came ready to work and the attitude of all maintainers was so upbeat.
- All being in the same room together was great for productivity because we could easily bounce ideas and discuss with each other without dealing with timezone differences. When I was working on problems that I didn’t understand super well, I could just ask other people for help and get it immediately.
Areas for Improvement
As an experiment, we were keen to hear how we might improve the structure to be more effective. Attendees had feedback in the following areas:
- Task Clarity: More structured task lists, especially for performance-related issues, would provide clearer direction.
- Schedule Optimization: Participants suggested better time management, including more structured breaks and optional cultural activities.
- Constructive Feedback: Some participants desired a mid-day stand-up for better synchronization and clarity.
Overall, the event not only addressed critical technical challenges but also strengthened the bonds within the Homebrew community, setting a positive precedent for future collaborative efforts.
]]>Major changes and deprecations since 4.2.0:
-
brew bottlewill include a basic SPDX file inside the bottle and a more comprehensive one after installation. This is to provide support for the widely used SBOM format from Homebrew. -
If
HOMEBREW_VERIFY_ATTESTATIONSis set,brew installwill verify the bottle artifact’s attestation when pouring bottles using GitHub’sghCLI. This functionality is still in beta. We expect to remove the need for theghtool and improve performance before we make this the default behaviour. This behaviour demonstrates Homebrew’s ongoing commitment to improving our security posture. Read more in the tracking issue or in the GitHub artifact attestation announcement -
HOMEBREW_AUTOREMOVEis the default behaviour meaning thatbrew cleanupandbrew uninstallautomatically runbrew autoremove. Disable this by settingHOMEBREW_NO_AUTOREMOVE. This is to improve the default behaviour ofbrew uninstallgivenbrew autoremoveis sufficiently reliable. -
Homebrew has two new types of analytics: “Brew Command Run” events and
brew test-botanalytics. The latter are not working or published yet but will be soon. These are to help us improve the documentation and prioritisation of issues in Homebrew. -
Homebrew/homebrew-cask requires code signing of all casks. Expect removal of casks that are not code signed from Homebrew/homebrew-cask in future. This is because code signing is required on Apple Silicon which is used by a growing majority of all Homebrew users.
-
Homebrew/homebrew-cask-versions migrated to Homebrew/homebrew-cask and is archived, following Homebrew/homebrew-cask-drivers. Migration for Homebrew/homebrew-cask-fonts will happen soon. This will make it easier to have a more consistent installation, discovery and maintenance experience for all official casks.
-
As-of Homebrew 4.3.1: Homebrew now provides Portable Ruby 3.3.1 and requires Ruby >=3.3.0.
Other changes since 4.2.0 I’d like to highlight are the following:
-
HOMEBREW_FORBIDDEN_CASKS,HOMEBREW_FORBIDDEN_FORMULAEandHOMEBREW_FORBIDDEN_TAPSare added to extend the functionality beyond the existingHOMEBREW_FORBIDDEN_LICENSESto prevent formulae/cask/tap installation. Relatedly,HOMEBREW_ALLOWED_TAPSwas added to restrict installation of and from specific taps. -
GitHub Actions will display native warnings/error notices for deprecations/disables and warnings/errors.
-
There are now several more reasons why casks are deprecated or disabled.
-
Homebrew’s code documentation on rubydoc.brew.sh previously did not do a good job of differentiating public/private/internal (i.e. only public for Homebrew’s use) APIs. We explicitly mark non-private APIs, non-public APIs, warn about undocumented non-private APIs and APIs are private by default.
-
Homebrew’s code documentation on rubydoc.brew.sh includes Sorbet data from
.rbifiles to provide more types. -
brew command,brew shellenvandbrew setup-rubyare significantly faster. - When the GitHub token used by Homebrew requires more scopes, Homebrew will clarify these.
brew upgrade --overwriteis a new flag similar tobrew install --overwriteandbrew link --overwriteto delete files that already exist in the prefix while linking.brew install --display-timesalso works with casks.- Tap migrations can also perform renames.
HOMEBREW_GITHUB_API_TOKENsupports more types of GitHub tokens.- The
brew desc --eval-allwarning only applies tobrew desc --search. brew tapno longer shows untapped taps with API support.brew upgradeno longer truncates some version numbers.- @BrewTestBot can no longer provide approving reviews on Homebrew/brew.
- Formulae can optionally restrict network access in build/test/postinstall sandboxes.
HOMEBREW_TEMPis used more consistently for temporary filesbrew updateoutputs a message whenever it is autoupdating to make clear what is causing the delay. Also,brew updatewill attempt to update all taps, not just those on GitHub.brew install/upgrade/outdatedwill more intelligently auto-update when specifying formulae/casks from third-party taps.brew bump-formulaandbrew bump-cask-prrefuse to bump packages that Homebrew’s automation already handles.brew install --adoptis more permissive and quicker if the bundle versions match.brew uninstallandbrew reinstallwill skip cask quit/signal directives.brew info --json=v2returns a Cask’s bundle versions inbundle_versionandbundle_short_versionkeys.brew infoandbrew tap-infoprovide more consistent output indicating if a package or tap is installed.brew *-synccommands avoid overwriting existing user installations.brew *-synccommands will use their respective:*ENV_ROOTvariables.brew configprovides information about Homebrew/homebrew-core and Homebrew/homebrew-cask taps and JSON API files.brew listprovides--installed-on-requestand--installed-as-dependencyto list formulae installed on request or as dependencies respectively.brew update-resetwill reset to thestabletag when appropriate.brew bump*commands no longer allow forcing multiple PRs.brew bump*commands limit the number of open PRs to 15.brew bumpwill indicate if formulae should sync with others.brew auditwill reject Internet Archive Wayback Machine URLs as these formulae are no longer active.brew auditwill check the license(s) of the specific release rather than the default branch.brew updatewill attempt to parse a GitHub API token from repository URL to better handle private repositories.
Finally:
- Changes to Homebrew’s Governance were merged after a vote of members before the 2024 AGM.
- The minutes of the 2024 AGM are available.
- Homebrew maintainers no longer use forks on official repositories.
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>.env file configuration and macOS Sonoma support.
Major changes and deprecations since 4.1.0:
- Homebrew now uses and requires Ruby 3.1.
If you do not already have a version provided by your system: we provide
Portable Ruby 3.1.4 that will be installed whenever needed on
Linux x86_64 and macOS Apple Silicon and Intel.
This marks the end of Homebrew using the macOS system Ruby.
Pour one out for our old friend
/usr/bin/rubyon macOS 🍻. - Formula installation and upgrades are less likely to require dependencies to be upgraded.
This should reduce “
brew upgrade fooupgraded everything on my system” problems. - Homebrew/homebrew-core and Homebrew/homebrew-cask now store formulae/casks in “sharded” subdirectories for improved
gitand GitHub performance. - Homebrew can be configured with
.envfiles. - Homebrew supports macOS Sonoma.
OS::MacandMacOSusage in formulae on Linux is deprecated. Please guard all uses in formulae withif OS.mac?orif OS.linux?as appropriate.brew audit --new-formulaand--new-caskoptions are deprecated. Please usebrew audit --newinstead.brew postgresql-upgrade-databaseis deprecated. It is not longer needed now that we use versionedpostgresqlformulae. Please usepg_upgradedirectly instead.- Casks can be, like formulae, deprecated and disabled.
Relatedly, the use of
discontinued?in casks is deprecated. - Various other deprecations.
Other changes since 4.1.0 I’d like to highlight are the following:
- Homebrew detects Apple Silicon M3 processors.
- The macOS
.pkginstaller is signed (by me!). - Casks support setting multiple download headers
brew list --full-namesproperly output Homebrew organisation names for casks.- Homebrew uses Sorbet for runtime error checking.
- Homebrew is importing parts of ActiveSupport to speed up command execution time.
- Homebrew supports the
rcshell. - Various sharding fixes
- Downloads from the Homebrew API better support
if
curlor system certificates are too old. brew depsno longer passes options to formulae.brew deschas improved handling of--eval-allwith formulae.brew installwill upgrade already installed casks (to be consistent with formulae.)brew pin‘d formulae don’t cause as many warnings or errors.brew setup-rubyis a new command to just install Homebrew’s Ruby, if needed.brew editwill suggest tapping core repositories if untapped.- The macOS
.pkginstaller is a documented installation method. - Formula support
ENV.O3again to allow passing-O3compiler optimisations. brew installsetsPIP_CACHE_DIRto cache more Python files when building bottles or from source.brew auditchecks all relicensed HashiCorp formulae.sshpasshas (finally?) been removed from the new formula deny list.- Formula’s
serviceblocks now support multiple sockets. bootsnapis used more often, speeding up repeatedbrewinvocations.XDG_CACHE_HOMEis used correctly again for logs and Homebrew’s cache on Linux.
Finally:
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>Major changes and deprecations since 4.0.0:
brewdownloads of formula/cask APIs use a signed API endpoint with client signature verification.- We’ve made many improvements around the new 4.0.0 feature of using JSON files downloaded from formulae.brew.sh for package installation rather than local homebrew/core and homebrew/cask taps.
- If you had previously set
HOMEBREW_NO_AUTO_UPDATE,HOMEBREW_NO_INSTALL_FROM_APIorHOMEBREW_AUTO_UPDATE_SECSto work around bugs or annoyances: please consider unsetting these and tweaking the values based on the new behaviour. Under some circumstances, you may see a one-time message nudging you do to this.
- If you had previously set
brew doctorwarns if Homebrew/homebrew-core or Homebrew/homebrew-cask seem to be tapped unnecessarily so you canbrew untapthem to save time and disk space.- formulae.brew.sh provides new analytics for Homebrew Developer Configuration, OS/Architecture/CI, Homebrew Prefixes and Homebrew Versions. This is based on existing data that was already gathered.
- We destroyed (and did not migrate/back up) all of Homebrew’s Google Analytics data on 2023-06-16 and all Google Analytics code has been removed.
- Homebrew’s analytics are only sent to our InfluxDB instance hosted in the EU.
- If you had previously set
HOMEBREW_NO_ANALYTICSbecause you didn’t like Google Analytics and/or data being sent to the US: please consider unsetting this allowing analytics data to be sent to our new InfluxDB host. Again, under some circumstances, you may see a one-time message nudging you do to this.
- If you had previously set
- Homebrew’s analytics documentation is updated with the new InfluxDB, post-Google Analytics reality.
- Setting
HOMEBREW_NO_ENV_FILTERINGno longer fails but is silently a no-op. - Homebrew’s deprecated Ubuntu 16.04 Docker image is no longer being built or updated.
- Homebrew/homebrew-cask-drivers is deprecated and active casks were moved to Homebrew/homebrew-cask.
brew rbenv-sync,brew nodenv-syncandbrew pyenv-synccommands will automatically sync Homebrew-installed Ruby, NodeJS and Python versions withrbenv,nodenvandpyenvrespectively to avoid needing to build these from source.- Homebrew has laid the groundwork for later macOS Sonoma (14) support.
- Various improvements sped up all Ruby
brewcommand performance. brew fetching bottles is significantly faster.brew installwith nopost_installis significantly faster.- Various other minor release deprecations and disables.
Other changes since 4.0.0 I’d like to highlight are the following:
brewcommands will only auto-update from the API for commands that auto-updated from Git pre-4.0.0.brew updatereports new/deleted formulae/casks when installing from the API.brew updatewill automatically update Homebrew/homebrew-core and Homebrew/homebrew-cask local taps for users who have run developer commands.brew installbuild failures only recommend open issues rather than pull requests.brew installwill use cached bottles if the request to check if bottles are up-to-date fails.brew installsetsOPENSSL_NO_VENDORto use Homebrew’s relevantopenssl*formula rather than the vendored OpenSSL from theopensslcrate.brew install --skip-post-installwill skip post-installation steps when installing a formula.brew searchno longer searches remotely instead using Homebrew’s new JSON API.brew cleanup --quietomits outputting some warnings.brew deps --missingprovides the inverse output tobrew deps --installedbrew fetch,brew --cache,brew auditandbrew readallhas--osand--archflags to simulate different operating systems and CPU architectures.brew shellenvaccepts a shell name parameter for when auto-detection is unreliable.brewcommands auto-update less frequently for users who have run Homebrew developer commands.brew auditverifies the correct signing of.pkginstallers.brew bumpandbrew bump-formula-prwill update a local Homebrew/homebrew-core tap (if present) andbrew bumpandbrew bump-cask-prwill do the same for Homebrew/homebrew-cask.HOMEBREW_NO_INSTALL_FROM_APIis set automatically for commands that need it.- A
cask_renames.jsonfile in taps allows casks to be renamed. - The default Linux installation location (
/home/linuxbrew/.linuxbrew) works as expected on Fedora Silverblue and other configurations where/homeis symlinked elsewhere. - Homebrew uses (and prioritises) GitHub tokens stored by the
ghCLI (when available). - Homebrew avoids using the macOS
texinfo - GitHub Packages bottle manifests contain the size of the bottle.
- Homebrew will set
RUSTFLAGSto the appropriate target CPU on installation. - Homebrew can build with GCC 13.
- Homebrew’s analytics better capture non-Debian-based distribution versions.
- Preliminary support for loading formulae/casks from subdirectories (to later “shard” Homebrew/homebrew-core and Homebrew/homebrew-cask Formula/Cask directories for performance reasons.)
- Homebrew is more vocal that building from source is unsupported.
- Various display issues have been fixed with Homebrew’s Ruby API documentation at rubydoc.brew.sh.
Finally:
- Homebrew accepts donations through GitHub Sponsors and still accepts donations through Patreon. If you can afford it, please consider donating. If you’d rather not use GitHub Sponsors or Patreon (our preferred donation methods), check out the other ways to donate in our README.
Thanks to all our hard-working maintainers, contributors, sponsors and supporters for getting us this far.
]]>