admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

cask/audit: refine codesign audits

Browse Source
This commit is contained in:
Bevan Kay 2025-07-24 12:52:08 +10:00
parent 50fa89e96b
commit 68be276a11
No known key found for this signature in database
GPG Key ID: C55CB024B5314B57
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Library/Homebrew/cask/audit.rb
View File

@ -510,12 +510,17 @@ module Cask
when Artifact::Pkg when Artifact::Pkg
system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false) system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false)
when Artifact::App when Artifact::App
system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false) if which("syspolicy_check")
system_command("syspolicy_check", args: ["distribution", path], print_stderr: false)
else
system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
end
when Artifact::Binary when Artifact::Binary
# Shell scripts cannot be signed, so we skip them # Shell scripts cannot be signed, so we skip them
next if path.text_executable? next if path.text_executable?
system_command("codesign", args: ["--verify", path], print_stderr: false) system_command("codesign", args: ["--verify", "-R=notarized", "--check-notarization", path],
print_stderr: false)
else else
add_error "Unknown artifact type: #{artifact.class}", location: url.location add_error "Unknown artifact type: #{artifact.class}", location: url.location
end end