5.0.0
brew.sh
Today, I’d like to announce Homebrew 5.0.0. The most significant changes since 4.6.0 are download concurrency by default, official support for Linux ARM64/AArch64, timescales for deprecating macOS Intel and removing macOS Gatekeeper bypass behaviours.

Shame on you, Homebrew, for effectively killing FOSS apps from casks.

    • Noa Himesaka@lemmy.funami.techOPEnglish
      4·
      58 minutes ago

      Yes and no. Yes, it has to be signed, but no, it doesn’t have to be Apple’s signing, it can be ad-hoc signed for the device programmatically. What they’re doing is that removing that ability to remove quarantine bits and ad-hoc signing on installation and forcing everything to be Apple-signed.

      EDIT: Ad-hoc signing is compile-time. Quarantine bit just has to be removed at install-time.

    • mectag@lemmy.worldEnglish
      21·
      1 hour ago

      Thanks! I don’t understand why everyone always has to overreact…

      • Noa Himesaka@lemmy.funami.techOPEnglish
        3·
        54 minutes ago

        100% their fault since there’s a way to ad-hoc sign and run, and they’re removing it and sucking Apple’s dick.

        EDIT: and there’s even an example found in one of this post’s comment of a 3rd party cask doing that in preparation of complete flag removal from Homebrew!

  • brax@sh.itjust.worksEnglish
    141·
    6 hours ago

    But I thought Mac was just Linux for people who loved to spend money… Seems on brand to me.

  • plz1@lemmy.worldEnglish
    21·
    8 hours ago

    Heh, there goes Librewolf’s only sane updating mechanism. IIRC, the devs of that are vehemently against paying Apple the money to sign the code, and they also fail to provide their own updater. It was one of the main drivers behind my switch to Waterfox.

  • KoalaUnknown@lemmy.worldEnglish
    26·
    8 hours ago

    Their explanation as to why:

    --no-quarantine is used to forcibly bypass Gatekeeper, which is a built-in macOS security mechanism. This is used to run unsigned/unnotarized applications.

    macOS Tahoe is the final release to support Intel systems, and last year Apple updated macOS runtime protection to make it harder to override Gatekeeper. Macs with Apple silicon also don’t “permit native arm64 code to execute unless a valid signature is attached”. Finally, we are ending support for all casks that fail Gatekeeper checks on September 1st, 2026.

    With the above in mind, it’s time to deprecate the --no-quarantine flag from brew. It intentionally bypasses macOS security mechanisms, which we already actively discourage. Deprecating now will give a decent lead time for users using it to come up with another solution or adjust their workflows.

    • arcterus@piefed.blahaj.zoneEnglish
      12·
      7 hours ago

      Deprecating now will give a decent lead time for users using it to come up with another solution or adjust their workflows.

      The adjusted solution/workflow: use something other than homebrew

      • dreadbeef@lemmy.dbzer0.comEnglish
        1·
        2 hours ago

        I mean, theres macports and what else? Is macports even kickin still? No other package managers other than homebrew

        • arcterus@piefed.blahaj.zoneEnglish
          71·
          6 hours ago

          By doing what homebrew currently does when you pass the --no-quarantine flag, which is call xattr.

          Note that I’d probably support removing --no-quarantine if Apple’s notarization service was free.

          • monogram@feddit.nlEnglish
            2·
            2 hours ago

            Notarisation, free (as in beer) limits your ability to run your code that (Corporate) doesn’t like, making it inherently non free (as in freedom).

            • arcterus@piefed.blahaj.zoneEnglish
              3·
              2 hours ago

              Yes, but you can still compile the code yourself. It’s only problematic for binary distribution. This is basically a question of balancing security vs. freedom I suppose.

  • mumblerfish@lemmy.worldEnglish
    8·
    7 hours ago

    I never understood what a “cask” in the brew lanuage means. I just do installs and if the brew install instructions involves a cask I just do it. How do I figure out which packages this will have an effect on on my system?

    • SuperUserDO@piefed.caEnglish
      71·
      6 hours ago

      Casks are as a rule GUI applications. So if you want to install Firefox with homebrew would need to install it via a cask.

  • M.int@lemmy.zipEnglish
    18·
    8 hours ago

    The unsigned (FOSS) Apps aren’t removed yet. They will be removed by 2026-09-01. Removing --no-quarantine before that seems counter productive. And quite frankly removing unsigned Apps at all seems like a stupid idea. Homebrew is a third party package mamager, why are they precapitulating to Apple?
    Third party taps (or are they fourth party?) will step in. You can run xattr -d com.apple.quarantine in the .rb file.

    Relevant links.

  • Korne127@lemmy.worldEnglish
    45·
    11 hours ago

    removing macOS Gatekeeper bypass behaviours

    dafuq? That’s basically the entire point

    So yeah, there will be a fork soon that’s just compatible with the casks. Luckily that is very easily to do / manage

  • Nate Cox@programming.devEnglish
    6·
    10 hours ago

    Well, I’m pretty happy that I’ve moved most of my app downloads to a nix config I guess.

    Seems like a bigger change than deserves to be buried in the changelog. I wonder what the intent here is.

  • myfunnyaccountname@lemmy.zipEnglish
    43·
    8 hours ago

    Of the like 30 things I have installed through brew, 1 is not signed. Do I agree with the change, no. But there are other options out there.