From a0a3333ee4ed5388aff7dce2812b3e72708afddf Mon Sep 17 00:00:00 2001
From: Bo Anderson
Date: Tue, 30 Jul 2024 04:51:00 +0100
Subject: [PATCH 1/2] utils/github/api: fix encoding errors when reading from keychain
---
 Library/Homebrew/utils/github/api.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Library/Homebrew/utils/github/api.rb b/Library/Homebrew/utils/github/api.rb
index 4dc96c50d5..324986fce2 100644
--- a/Library/Homebrew/utils/github/api.rb
+++ b/Library/Homebrew/utils/github/api.rb
@@ -177,8 +177,9 @@ module GitHub
 print_stderr: false
 return unless result.success?
- github_username = git_credential_out[/username=(.+)/, 1]
- github_password = git_credential_out[/password=(.+)/, 1]
+ git_credential_out.force_encoding("ASCII-8BIT")
+ github_username = git_credential_out[/^username=(.+)/, 1]
+ github_password = git_credential_out[/^password=(.+)/, 1]
 return unless github_username
 # Don't use passwords from the keychain unless they look like
From 1b8a8a090217e4412d198053aae0f72b212e39c8 Mon Sep 17 00:00:00 2001
From: Bo Anderson
Date: Tue, 30 Jul 2024 04:51:29 +0100
Subject: [PATCH 2/2] attestation: only extract credentials when necessary
---
 Library/Homebrew/attestation.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb
index c6808e68db..853643465f 100644
--- a/Library/Homebrew/attestation.rb
+++ b/Library/Homebrew/attestation.rb
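Review bot: The added `git_credential_out.force_encoding("ASCII-8BIT")` in Library/Homebrew/utils/github/api.rb carries no comment saying why the credential helper output is re-tagged as binary, and the reason cannot be read off the line. Going by the commit subject, keychain output can contain bytes that are not valid UTF-8, which makes the regex lookups raise; I would say so above the call, e.g. `# Keychain output may not be valid UTF-8; treat it as binary so the matches below cannot raise.` The call mutates the string in place and the captured username and password inherit the binary encoding, so it is worth confirming that the code after `return unless github_username` does not combine them with non-ASCII UTF-8 strings. The enclosing method starts and ends outside this hunk, so that later use is not visible here.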
@@ -59,11 +59,11 @@ module Homebrew
 def self.enabled?
 return false if Homebrew::EnvConfig.no_verify_attestations?
 return true if Homebrew::EnvConfig.verify_attestations?
- return false if GitHub::API.credentials.blank?
 return false if ENV.fetch("CI", false)
 return false if OS.unsupported_configuration?
- Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?
+ # Always check credentials last to avoid unnecessary credential extraction.
+ (Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?) && GitHub::API.credentials.present?
 end
 # Returns a path to a suitable `gh` executable for attestation verification.
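Review bot: The new last line of `enabled?` in Library/Homebrew/attestation.rb turns attestation verification off without any signal when a developer has no usable GitHub credentials, and the added comment explains the ordering but not that outcome. Because this method gates a supply-chain integrity check, I would state the fail-open behaviour in the comment, e.g. `# Checked last to avoid needless credential extraction; with no credentials, verification is skipped rather than failed.` On the context line `return false if ENV.fetch("CI", false)`, any set value is truthy in Ruby, so `CI=false` or an empty `CI` also disables verification unless `verify_attestations?` is set. If that is intended it deserves a short comment as well.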