admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Merge pull request #20300 from Homebrew/codesign-audit-update

Browse Source 
cask/audit: refine codesign audits
This commit is contained in:
Bevan Kay 2025-07-24 07:48:35 +00:00 committed by GitHub
commit e55cd2158c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Library/Homebrew/cask/audit.rb
View File

@ -510,12 +510,17 @@ module Cask
when Artifact::Pkg
system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false)
when Artifact::App
system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
if which("syspolicy_check")
system_command("syspolicy_check", args: ["distribution", path], print_stderr: false)
else
system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false)
end
when Artifact::Binary
# Shell scripts cannot be signed, so we skip them
next if path.text_executable?
system_command("codesign", args: ["--verify", path], print_stderr: false)
system_command("codesign", args: ["--verify", "-R=notarized", "--check-notarization", path],
print_stderr: false)
else
add_error "Unknown artifact type: #{artifact.class}", location: url.location
end