Merge pull request #14774 from bevanjkay/revert-14747-feat/cask/audit_pkg_signing
Revert "cask: audit for correct signing of pkg installers"
This commit is contained in:
Bo Anderson
GitHub
commit
2129b4c750
@ -501,47 +501,29 @@ module Cask
|
|||||||
Dir.mktmpdir do |tmpdir|
|
Dir.mktmpdir do |tmpdir|
|
||||||
tmpdir = Pathname(tmpdir)
|
tmpdir = Pathname(tmpdir)
|
||||||
primary_container.extract_nestedly(to: tmpdir, basename: downloaded_path.basename, verbose: false)
|
primary_container.extract_nestedly(to: tmpdir, basename: downloaded_path.basename, verbose: false)
|
||||||
|
|
||||||
message = <<~EOS
|
|
||||||
Signature verification failed:
|
|
||||||
#{result.merged_output}
|
|
||||||
macOS on ARM requires applications to be signed.
|
|
||||||
Please contact the upstream developer to let them know they should
|
|
||||||
EOS
|
|
||||||
|
|
||||||
artifacts.each do |artifact|
|
artifacts.each do |artifact|
|
||||||
case artifact
|
path = case artifact
|
||||||
when Artifact::Moved
|
when Artifact::Moved
|
||||||
path = tmpdir/artifact.source.basename
|
tmpdir/artifact.source.basename
|
||||||
next unless path.exist?
|
|
||||||
|
|
||||||
result = system_command("codesign", args: ["--verify", path], print_stderr: false)
|
|
||||||
|
|
||||||
next if result.success?
|
|
||||||
|
|
||||||
message = if result.stderr.include?("not signed at all")
|
|
||||||
"#{message} sign their app."
|
|
||||||
else
|
|
||||||
"#{message} fix the signature of their app."
|
|
||||||
end
|
|
||||||
|
|
||||||
add_warning message
|
|
||||||
when Artifact::Pkg
|
when Artifact::Pkg
|
||||||
path = artifact.path
|
artifact.path
|
||||||
next unless path.exist?
|
|
||||||
|
|
||||||
result = system_command("pkgutil", args: ["--check-signature", path], print_stderr: false)
|
|
||||||
if result.failure?
|
|
||||||
add_warning "#{message} sign their package."
|
|
||||||
next
|
|
||||||
end
|
|
||||||
|
|
||||||
result = system_command("stapler", args: ["validate", path], print_stderr: false)
|
|
||||||
if result.failure?
|
|
||||||
add_warning "#{message} notarize their package."
|
|
||||||
next
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
next unless path.exist?
|
||||||
|
|
||||||
|
result = system_command("codesign", args: ["--verify", path], print_stderr: false)
|
||||||
|
|
||||||
|
next if result.success?
|
||||||
|
|
||||||
|
message = "Signature verification failed:\n#{result.merged_output}\nmacOS on ARM requires applications " \
|
||||||
|
"to be signed. Please contact the upstream developer to let them know they should "
|
||||||
|
|
||||||
|
message += if result.stderr.include?("not signed at all")
|
||||||
|
"sign their app."
|
||||||
|
else
|
||||||
|
"fix the signature of their app."
|
||||||
|
end
|
||||||
|
|
||||||
|
add_warning message
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user