cask/audit: refine codesign audits #20300

bevanjkay · 2025-07-24T02:53:23Z

Have you followed the guidelines in our Contributing document?
Have you checked to ensure there aren't other open Pull Requests for the same change?
Have you added an explanation of what your changes do and why you'd like us to include them?
Have you written new tests for your changes? Here's an example.
Have you successfully run brew style with your changes locally?
Have you successfully run brew typecheck with your changes locally?
Have you successfully run brew tests with your changes locally?

This PR proposes a change to use the newer syspolicy_check tool for Application codesign audit.
Also check notarization for binaries.

@Homebrew/cask the main discussion point here is whether we want to require notarization for binaries or not.

Library/Homebrew/cask/audit.rb

MikeMcQuaid

Looks good when Sonoma comment addressed, thanks @bevanjkay!

bevanjkay commented Jul 24, 2025

View reviewed changes

Library/Homebrew/cask/audit.rb Show resolved Hide resolved

SMillerDev reviewed Jul 24, 2025

View reviewed changes

Library/Homebrew/cask/audit.rb Outdated Show resolved Hide resolved

MikeMcQuaid approved these changes Jul 24, 2025

View reviewed changes

cask/audit: refine codesign audits

68be276

bevanjkay force-pushed the codesign-audit-update branch from 4025457 to 68be276 Compare July 24, 2025 07:32

bevanjkay enabled auto-merge July 24, 2025 07:33

bevanjkay added this pull request to the merge queue Jul 24, 2025

Merged via the queue into main with commit e55cd21 Jul 24, 2025
36 checks passed

bevanjkay deleted the codesign-audit-update branch July 24, 2025 08:11

bevanjkay mentioned this pull request Jul 24, 2025

cask/audit: use gktool for signing audit #20303

Merged

7 tasks

Provide feedback