App management permissions are lost when portable-ruby is upgraded

[hybras]

Homebrew uses the full disk access and/or App Management permissions to upgrade apps inplace.. Homebrew checks for these permissions before updating apps. However, these permissions are normally granted to the terminal in which brew runs, not to brew directly. Autoupdate does not run in a terminal, so these permissions are instead tied to homebrew's ruby. However, the permissions system resolves symlinks so whenever this ruby is upgraded, permissions are lost (and upgrades fall back to reinstall behavior).

Below is an example of what permissions look like.

• The terminal has permissions. This works for manual updates.
• The auto-update script has permissions. This does not affect anything.
• The out-of-date ruby has permissions, but is is no longer used.
• The new ruby does not have permissions The new ruby requests permissions, but a permissions dialog never appears. Instead, a notification appears with "ruby was prevented from modifying apps. Allow/Deny". This is easy to miss, and doesn't have the same oomph as a dialog. Clicking allow does not affect the inprogress update, since permissions will only be granted on the next run. I wonder if there is a way for brew autoupdate to not constantly need permissions re granted.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[swissbuechi]

There is currently a discussion in PR: #177 regarding this issue.
I did not know that ruby needs to be there too.