Skip to content

cask/audit: adjust signing failure error message #20999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MikeMcQuaid merged 2 commits into from
Nov 10, 2025
Merged

cask/audit: adjust signing failure error message #20999

MikeMcQuaid merged 2 commits into from
Nov 10, 2025
+10 −3

Conversation

@p-linnane
Copy link
Member

@p-linnane p-linnane commented Nov 7, 2025

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew style with your changes locally?
  • Have you successfully run brew typecheck with your changes locally?
  • Have you successfully run brew tests with your changes locally?

"macOS on ARM requires software to be signed." is misleading for the checks we're running. This PR adjusts the messaging for signing failures to better distinguish between Homebrew/cask and third-party taps. url.location also doesn't provide anything meaningful for this audit, so I've removed that to reduce noise.

Before:

 - Signature verification failed:
Progress: 356/356
Scan completed, but failed because the software is not signed by a distributor that meets the system Gatekeeper requirements.

macOS on ARM requires software to be signed.
Please contact the upstream developer to let them know they should sign and notarize their software.
foo
  * line 5, col 2: Signature verification failed:
Progress: 356/356
    Scan completed, but failed because the software is not signed by a distributor that meets the system Gatekeeper requirements.

    macOS on ARM requires software to be signed.
    Please contact the upstream developer to let them know they should sign and notarize their software.
Error: 1 problem in 1 cask detected.

After:

 - Signature verification failed:
Progress: 356/356
Scan completed, but failed because the software is not signed by a distributor that meets the system Gatekeeper requirements.

Homebrew/cask requires all casks to be signed and notarized by Apple.
Please contact the upstream developer and ask them to sign and notarize their software.
foo
  * Signature verification failed:
Progress: 356/356
    Scan completed, but failed because the software is not signed by a distributor that meets the system Gatekeeper requirements.

    Homebrew/cask requires all casks to be signed and notarized by Apple.
    Please contact the upstream developer and ask them to sign and notarize their software.
Error: 1 problem in 1 cask detected.

Copilot AI review requested due to automatic review settings November 7, 2025 18:53
Copilot AI reviewed Nov 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the error message shown when cask signature verification fails. The changes make the error message more specific to official Homebrew taps by conditionally appending additional guidance.

  • Refactored the signing failure error message to be built conditionally
  • Added tap-specific guidance for official Homebrew taps about signing requirements

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

EricFromCanada
EricFromCanada approved these changes Nov 7, 2025
View reviewed changes
Copilot AI review requested due to automatic review settings November 10, 2025 08:50
Copilot AI reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MikeMcQuaid MikeMcQuaid added this pull request to the merge queue Nov 10, 2025
Merged via the queue into main with commit e39a2e9 Nov 10, 2025
43 checks passed
@MikeMcQuaid MikeMcQuaid deleted the cask-signing-audit-message branch November 10, 2025 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@MikeMcQuaid MikeMcQuaid MikeMcQuaid approved these changes

@EricFromCanada EricFromCanada EricFromCanada approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@p-linnane @MikeMcQuaid @EricFromCanada