cask/audit: refine codesign audits

2025-07-24 12:52:08 +10:00 · 2025-07-24 12:52:08 +10:00 · 68be276a11
commit 68be276a11
parent 50fa89e96b
1 changed files with 7 additions and 2 deletions
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@ -510,12 +510,17 @@ module Cask
          when Artifact::Pkg
            system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false)
          when Artifact::App
+            if which("syspolicy_check")
+              system_command("syspolicy_check", args: ["distribution", path], print_stderr: false)
+            else
              system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
+            end
          when Artifact::Binary
            # Shell scripts cannot be signed, so we skip them
            next if path.text_executable?

-            system_command("codesign",  args: ["--verify", path], print_stderr: false)
+            system_command("codesign",  args:         ["--verify", "-R=notarized", "--check-notarization", path],
+                                        print_stderr: false)
          else
            add_error "Unknown artifact type: #{artifact.class}", location: url.location
          end