Merge pull request #17692 from Homebrew/ww/attestations-for-dev

2024-07-13 15:09:30 -04:00 · 2024-07-13 15:09:30 -04:00 · 6a5bcb339d
commit 6a5bcb339d
parent 7c90c2df92 255e75068e
2 changed files with 11 additions and 1 deletions
--- a/Library/Homebrew/attestation.rb
+++ b/Library/Homebrew/attestation.rb
@ -40,6 +40,16 @@ module Homebrew
    # @api private
    class GhAuthNeeded < RuntimeError; end

+    # Returns whether attestation verification is enabled.
+    #
+    # @api private
+    sig { returns(T::Boolean) }
+    def self.enabled?
+      Homebrew::EnvConfig.verify_attestations? \
+        || Homebrew::EnvConfig.developer? \
+        || Homebrew::Settings.read("devcmdrun") == "true"
+    end
+
    # Returns a path to a suitable `gh` executable for attestation verification.
    #
    # @api private
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@ -1258,7 +1258,7 @@ on_request: installed_on_request?, options:)
  def pour
    # We skip `gh` to avoid a bootstrapping cycle, in the off-chance a user attempts
    # to explicitly `brew install gh` without already having a version for bootstrapping.
-    if Homebrew::EnvConfig.verify_attestations? && formula.tap&.core_tap? && formula.name != "gh"
+    if Homebrew::Attestation.enabled? && formula.tap&.core_tap? && formula.name != "gh"
      ohai "Verifying attestation for #{formula.name}"
      begin
        Homebrew::Attestation.check_core_attestation formula.bottle