Merge pull request #17692 from Homebrew/ww/attestations-for-dev

Homebrew · Jul 13, 2024 · 6a5bcb3 · 6a5bcb3
2 parents 7c90c2d + 255e750
commit 6a5bcb3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb
@@ -40,6 +40,16 @@ class InvalidAttestationError < RuntimeError; end
     # @api private
     class GhAuthNeeded < RuntimeError; end
 
+    # Returns whether attestation verification is enabled.
+    #
+    # @api private
+    sig { returns(T::Boolean) }
+    def self.enabled?
+      Homebrew::EnvConfig.verify_attestations? \
+        || Homebrew::EnvConfig.developer? \
+        || Homebrew::Settings.read("devcmdrun") == "true"
+    end
+
     # Returns a path to a suitable `gh` executable for attestation verification.
     #
     # @api private

diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb
@@ -1258,7 +1258,7 @@ def downloader
   def pour
     # We skip `gh` to avoid a bootstrapping cycle, in the off-chance a user attempts
     # to explicitly `brew install gh` without already having a version for bootstrapping.
-    if Homebrew::EnvConfig.verify_attestations? && formula.tap&.core_tap? && formula.name != "gh"
+    if Homebrew::Attestation.enabled? && formula.tap&.core_tap? && formula.name != "gh"
       ohai "Verifying attestation for #{formula.name}"
       begin
         Homebrew::Attestation.check_core_attestation formula.bottle