Expand description
Build runtime toolchains from source into a self-contained, absolute cache keg — “our apt-get” for the macOS sandbox, which has no package manager.
§Why source-build instead of a Homebrew bottle
Relocating a Homebrew bottle (rewriting its baked @@HOMEBREW_PREFIX@@
install-name placeholders) is a dead end: the rewrite is length-preserving
and silently skips placeholders shorter than the cache prefix, so the keg’s
binary keeps @@HOMEBREW_PREFIX@@/... LC_LOAD_DYLIB paths. Under a darwin
Seatbelt container those paths don’t exist and macOS strips DYLD_* from
the signed binary, so dyld aborts (Symbol not found … Abort trap: 6).
Building from source at an absolute keg prefix sidesteps both failure modes:
every LC_LOAD_DYLIB is an absolute path to a macOS system library
(/usr/lib/...) or an absolute sibling-keg path — never @@HOMEBREW@@ — and
the compiled sysconfdir/prefix live inside the keg, so the tool reads its
own config instead of /etc/* (which EPERMs under the deny-default profile).
§A fully generic, data-driven build
There is no per-formula recipe table. Everything the build needs is derived from the Homebrew formula JSON we already parse plus the extracted source tree:
- Dependencies come from the formula’s data. Anything in
uses_from_macosis provided by macOS itself (the Seatbelt profile already grants/usr/lib+/usr/includevia the Command Line Tools) so it is skipped. Every otherdependency/build_dependencyis resolved recursively as a sibling keg via [crate::ensure_macos_keg] and wired onto the build with absolute keg paths — build tools land onPATH, libraries contribute-I<keg>/include/-L<keg>/lib/-Wl,-rpath,<keg>/lib/PKG_CONFIG_PATH=<keg>/lib/pkgconfig. So git’sgettext/pcre2and jq’sonigurumabecome resolved kegs automatically — noNO_GETTEXT, no--with-oniguruma=builtin, no hardcoded skip lists. - The build system is autodetected from the extracted tree (a generated
configure, aCMakeself-hostbootstrap, aCMakeLists.txt, a bareMakefile, or an autotools project shipped asconfigure.ac). - Irreducible env is derived from the install layout, not the name. A keg
that installed
<keg>/libexec/git-coregetsGIT_EXEC_PATHpointed there — true for any git-exec-helper tool, asserted by layout, never by== "git".
If a formula’s generic build fails (a custom install do / patches the
generic build can’t reproduce), ensure_from_source falls through to
crate::brew_emulate, which runs the formula’s real Homebrew recipe at
the keg prefix — so genuinely-custom formulae still work with zero
hardcoding.
Structs§
- Source
Spec - Resolved source-build coordinates for a tool.
Functions§
- ensure_
from_ source - Build
formulafrom source into a self-contained keg undercache_dir, writing aKegManifestand returning the keg path. - resolve_
source_ spec - Fetch the formula and extract its source-build coordinates.