admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

attestation: require explicit opt-in.

Browse Source 
Work on this has stalled a bit and it slows things down so let's require
an explicit opt-in to use it.

While we're here, remove the silent/implicit opt-out for CI, too.
This commit is contained in:
Mike McQuaid 2025-07-10 09:10:08 +01:00
parent 700d67a85e
commit 17762fa77a
No known key found for this signature in database
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Library/Homebrew/attestation.rb
View File

@ -64,12 +64,8 @@ module Homebrew
sig { returns(T::Boolean) }
def self.enabled?
return false if Homebrew::EnvConfig.no_verify_attestations?
return true if Homebrew::EnvConfig.verify_attestations?
return false if ENV.fetch("CI", false)
return false if OS.not_tier_one_configuration?
# Always check credentials last to avoid unnecessary credential extraction.
(Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?) && GitHub::API.credentials.present?
Homebrew::EnvConfig.verify_attestations?
end
# Returns a path to a suitable `gh` executable for attestation verification.