Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cask audit: check binary signature and notarisation #15264

Merged
merged 2 commits into from Apr 21, 2023

Conversation

vitorgalvao
Copy link
Member

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew style with your changes locally?
  • Have you successfully run brew typecheck with your changes locally?
  • Have you successfully run brew tests with your changes locally?

Followup to #15219. Expanding the signing and notarisation requirement to binaries seems like a natural progression. I haven’t checked how many casks this affects, but casks with raw binaries are a minority compared to ones with apps.

@reitermarkus
Copy link
Member

I imagine most commonly binary is used for executables inside .apps, so this catches the rest.

Copy link
Member

@MikeMcQuaid MikeMcQuaid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again @vitorgalvao!

@MikeMcQuaid
Copy link
Member

@vitorgalvao
Copy link
Member Author

I’m not familiar with the testing framework and don’t have the availability to get acquainted with it right now so I’ll take any help there.

We used the binary artifact as an example of an unsigned artifact
before in this test. Now that we're adding it as a signed artifact
the test has been updated with another example of an unsigned one.
@apainintheneck
Copy link
Contributor

The binary artifact was used previously as an example of an unsigned artifact so the when cask is not using a signed artifact test started succeeding unexpectedly. I changed it to use another unsigned artifact which should fix it.

@MikeMcQuaid MikeMcQuaid merged commit f2d064b into Homebrew:master Apr 21, 2023
24 checks passed
@MikeMcQuaid
Copy link
Member

Thanks @vitorgalvao and @apainintheneck!

@vitorgalvao vitorgalvao deleted the patch-1 branch April 21, 2023 14:07
@github-actions github-actions bot added the outdated PR was locked due to age label May 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
outdated PR was locked due to age
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants