diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb index 10fb64ae4f..c6808e68db 100644 --- a/Library/Homebrew/attestation.rb +++ b/Library/Homebrew/attestation.rb @@ -15,9 +15,6 @@ module Homebrew # @api private HOMEBREW_CORE_REPO = "Homebrew/homebrew-core" - # @api private - GH_ATTESTATION_MIN_VERSION = T.let(Version.new("2.49.0").freeze, Version) - # @api private BACKFILL_REPO = "trailofbits/homebrew-brew-verify" @@ -74,25 +71,14 @@ module Homebrew # @api private sig { returns(Pathname) } def self.gh_executable - # NOTE: We set HOMEBREW_NO_VERIFY_ATTESTATIONS when installing `gh` itself, - # to prevent a cycle during bootstrapping. This can eventually be resolved - # by vendoring a pure-Ruby Sigstore verifier client. @gh_executable ||= T.let(nil, T.nilable(Pathname)) return @gh_executable if @gh_executable.present? + # NOTE: We set HOMEBREW_NO_VERIFY_ATTESTATIONS when installing `gh` itself, + # to prevent a cycle during bootstrapping. This can eventually be resolved + # by vendoring a pure-Ruby Sigstore verifier client. with_env(HOMEBREW_NO_VERIFY_ATTESTATIONS: "1") do - @gh_executable = ensure_executable!("gh", reason: "verifying attestations") - - gh_version = Version.new(system_command!(@gh_executable, args: ["--version"], print_stderr: false) - .stdout.match(/\d+(?:\.\d+)+/i).to_s) - if gh_version < GH_ATTESTATION_MIN_VERSION - if Formula["gh"].version < GH_ATTESTATION_MIN_VERSION - raise "#{@gh_executable} is too old, you must upgrade it to >=#{GH_ATTESTATION_MIN_VERSION} to continue" - end - - @gh_executable = ensure_formula_installed!("gh", latest: true, - reason: "verifying attestations").opt_bin/"gh" - end + @gh_executable = ensure_executable!("gh", reason: "verifying attestations", latest: true) end T.must(@gh_executable) diff --git a/Library/Homebrew/extend/kernel.rb b/Library/Homebrew/extend/kernel.rb index 410caab550..0d27cee937 100644 --- a/Library/Homebrew/extend/kernel.rb +++ b/Library/Homebrew/extend/kernel.rb @@ -425,7 +425,7 @@ module Kernel end # Ensure the given executable is exist otherwise install the brewed version - def ensure_executable!(name, formula_name = nil, reason: "") + def ensure_executable!(name, formula_name = nil, reason: "", latest: false) formula_name ||= name executable = [ @@ -438,7 +438,7 @@ module Kernel ].compact.first return executable if executable.exist? - ensure_formula_installed!(formula_name, reason:).opt_bin/name + ensure_formula_installed!(formula_name, reason:, latest:).opt_bin/name end def paths diff --git a/Library/Homebrew/test/attestation_spec.rb b/Library/Homebrew/test/attestation_spec.rb index 73c7b2d27e..7a7f32662a 100644 --- a/Library/Homebrew/test/attestation_spec.rb +++ b/Library/Homebrew/test/attestation_spec.rb @@ -6,9 +6,6 @@ RSpec.describe Homebrew::Attestation do let(:fake_gh) { Pathname.new("/extremely/fake/gh") } let(:fake_old_gh) { Pathname.new("/extremely/fake/old/gh") } let(:fake_gh_creds) { "fake-gh-api-token" } - let(:fake_gh_formula) { instance_double(Formula, "gh", opt_bin: Pathname.new("/extremely/fake")) } - let(:fake_gh_version) { instance_double(SystemCommand::Result, stdout: "2.49.0") } - let(:fake_old_gh_version) { instance_double(SystemCommand::Result, stdout: "2.48.0") } let(:fake_error_status) { instance_double(Process::Status, exitstatus: 1, termsig: nil) } let(:fake_auth_status) { instance_double(Process::Status, exitstatus: 4, termsig: nil) } let(:cached_download) { "/fake/cached/download" } @@ -69,24 +66,10 @@ RSpec.describe Homebrew::Attestation do end describe "::gh_executable" do - before do - allow(Formulary).to receive(:factory) - .with("gh") - .and_return(instance_double(Formula, version: Version.new("2.49.0"))) - - allow(described_class).to receive(:system_command!) - .with(fake_old_gh, args: ["--version"], print_stderr: false) - .and_return(fake_old_gh_version) - end - - it "calls ensure_executable and ensure_formula_installed" do + it "calls ensure_executable" do expect(described_class).to receive(:ensure_executable!) - .with("gh", reason: "verifying attestations") - .and_return(fake_old_gh) - - expect(described_class).to receive(:ensure_formula_installed!) - .with("gh", latest: true, reason: "verifying attestations") - .and_return(fake_gh_formula) + .with("gh", reason: "verifying attestations", latest: true) + .and_return(fake_gh) described_class.gh_executable end