Merge pull request #20286 from Homebrew/enable_signing_audit

cask/audit: always enable codesign audit
Bevan Kay 2025-07-22 07:27:10 +00:00 committed by GitHub
commit 3bec1171ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -486,7 +486,13 @@ module Cask
sig { void } sig { void }
def audit_signing def audit_signing
return if !signing? || download.blank? || (url = cask.url).nil? return if download.blank?
url = cask.url
return if url.nil?
return if !cask.tap.official? && !signing?
return if cask.deprecated? && cask.deprecation_reason != :unsigned
odebug "Auditing signing" odebug "Auditing signing"
@ -511,9 +517,15 @@ module Cask
add_error "Unknown artifact type: #{artifact.class}", location: url.location add_error "Unknown artifact type: #{artifact.class}", location: url.location
end end
if result.success? && cask.deprecated? && cask.deprecation_reason == :unsigned
add_error "Cask is deprecated as unsigned but artifacts are signed!"
end
next if cask.deprecated? && cask.deprecation_reason == :unsigned
next if result.success? next if result.success?
add_error <<~EOS, location: url.location, strict_only: true add_error <<~EOS, location: url.location
Signature verification failed: Signature verification failed:
#{result.merged_output} #{result.merged_output}
macOS on ARM requires software to be signed. macOS on ARM requires software to be signed.
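Review bot: The new "deprecated as unsigned but artifacts are signed" check in the second hunk appears to run once per artifact, so a cask shipping one signed and one unsigned artifact would be reported as wrongly deprecated as soon as the signed one verifies. If the intent is that every artifact is signed, the decision belongs after the loop, over the collected results. That `add_error` is also the only one in this hunk without a location; `add_error "Cask is deprecated as unsigned but artifacts are signed!", location: url.location` would match its neighbours. The condition `cask.deprecated? && cask.deprecation_reason == :unsigned` is evaluated in two consecutive statements and could be held in one local. The enclosing loop starts outside the hunk, so the per-artifact reading is inferred from the `next` statements.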