Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cask: activate GPG verification on install #1335

Closed
wants to merge 16 commits into from
Closed

cask: activate GPG verification on install #1335

wants to merge 16 commits into from

Conversation

jawshooah
Copy link
Contributor

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew tests with your changes locally?

Following up on Homebrew/homebrew-cask#16090.

@Homebrew/cask @fanquake @ndr-qef

ndr and others added 16 commits October 20, 2016 01:12
@jawshooah
Do not abort on failed GPG check
3e13b91 
and store the result in a field instead. Failure handling is delegated.
@jawshooah
Style nits in Hbc::GpgCheck
7929e60
@jawshooah
Expose more fields in Hbc::GpgCheck
a7910df
@jawshooah
Fix caching of gpg signatures
0055a8d 
Specifically, handle cases where the most recent metadata folder was
created by something other than GpgCheck, e.g. an `install --force`.
@jawshooah
Wrap GPG key import failure with CaskError
c98b312
@jawshooah
Add exception for failed GPG verification
3c7f241
@jawshooah
Do not purge files upon failed GPG verification
cb0807f
@jawshooah
Raise error if GPG verification unsuccessful
bc55a88
@jawshooah
Add Hbc::Verify::Gpg to list of verifications
4f82a03
@jawshooah
Add test helpers for local support path
c0fd3c3
@jawshooah
Load gpg signature, key_url as Hbc::URLs
cf19e26
@jawshooah
Add gpg tests
45f81e0 
and associated support files: test Casks, binaries, signature.
@jawshooah
Remove Hbc::Verify::Gpg#successful
ea56356
@jawshooah
Don't retrieve signature until #verify is called
c10fa78
@jawshooah
Print warning if gpg is not installed
a5305dc
@jawshooah
Use cask accessor instead of @cask instance variable
535be9a
@jawshooah jawshooah added the cask Homebrew Cask label Oct 20, 2016
@BrewTestBot BrewTestBot added the in progress Maintainers are working on this label Oct 20, 2016
@jawshooah jawshooah mentioned this pull request Oct 20, 2016
Closed
@zmwangx
Copy link
Contributor

zmwangx commented Oct 23, 2016

Library/Homebrew/cask/test/support/binaries/gnupg-2.1.1.tar.bz2 and Library/Homebrew/cask/test/support/binaries/gnupg-2.1.1_tampered.tar.bz2: please, committing ~5MB files to the repo is not cool.

@jawshooah
Copy link
Contributor Author

Yup, those are left over from when we had a bunch of similar sized fixtures. These commits are over a year old; haven't gotten around to cleaning them up yet. AFK right now, but will add the do not merge label when I get a chance.

@zmwangx
Copy link
Contributor

zmwangx commented Oct 23, 2016

Added.

@antonakv antonakv mentioned this pull request Nov 30, 2016
Closed
@johnrees johnrees mentioned this pull request Dec 30, 2016
Closed
8 tasks
@MikeMcQuaid
Copy link
Member

@jawshooah Any news on this? If it's too stale might just be worth closing out.

@jawshooah
Copy link
Contributor Author

Sadly no, no news, and likely none to come for a while. I agree we should just close this for now. We can re-open when I have time to clean this up later, or someone else can feel free to pick up where I left off whenever.

@jawshooah jawshooah closed this Feb 17, 2017
@claui claui mentioned this pull request Sep 8, 2017
Merged
10 tasks
commitay pushed a commit to Homebrew/homebrew-cask that referenced this pull request Sep 20, 2017
@claui @commitay
Update 1password-cli: add gpg stanza (#38398)
fc01fd6 
Even though we’re not quite there yet regarding GPG support (cf.
issue #5971 and PR Homebrew/brew#1335), I’d
still prefer for new casks to have `gpg` stanzas where detached
signatures are available (cf. PR #6185).

For details on the authenticity of the public key, see:

- https://support.1password.com/command-line-getting-started/#set-up-the-command-line-tool

- https://keybase.io/1password
@Homebrew Homebrew locked and limited conversation to collaborators May 3, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cask Homebrew Cask in progress Maintainers are working on this
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jawshooah @zmwangx @MikeMcQuaid @BrewTestBot