Merge pull request #2601 from reitermarkus/audit-version-checksum

Add audit check to see if both version and checksum changed.
author: Markus Reiter 2017-05-22 02:23:33 +0200
committer: GitHub 2017-05-22 02:23:33 +0200
commit: 8f068a356dfe4769905d2487533b9e8124287098 (patch)
tree: 9097e725239a045c34e0e3aafb9ea67ee7e4d15d /Library/Homebrew/dev-cmd
parent: 6d8c170e50b6ee232e4f8958c92735bf411a72e9 (diff)
parent: 473bdadbcd0f87fdeda98f73b25bb47a14221281 (diff)
download: brew-8f068a356dfe4769905d2487533b9e8124287098.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 3c42b45a1..516388c68 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -746,6 +746,15 @@ class FormulaAuditor
     return if @new_formula
 
     fv = FormulaVersions.new(formula)
+
+    previous_version_and_checksum = fv.previous_version_and_checksum("origin/master")
+    [:stable, :devel].each do |spec_sym|
+      next unless spec = formula.send(spec_sym)
+      next unless previous_version_and_checksum[spec_sym][:version] == spec.version
+      next if previous_version_and_checksum[spec_sym][:checksum] == spec.checksum
+      problem "#{spec_sym}: sha256 changed without the version also changing; please create an issue upstream to rule out malicious circumstances and to find out why the file changed."
+    end
+
     attributes = [:revision, :version_scheme]
     attributes_map = fv.version_attributes_map(attributes, "origin/master")
author	Markus Reiter	2017-05-22 02:23:33 +0200
committer	GitHub	2017-05-22 02:23:33 +0200
commit	8f068a356dfe4769905d2487533b9e8124287098 (patch)
tree	9097e725239a045c34e0e3aafb9ea67ee7e4d15d /Library/Homebrew/dev-cmd
parent	6d8c170e50b6ee232e4f8958c92735bf411a72e9 (diff)
parent	473bdadbcd0f87fdeda98f73b25bb47a14221281 (diff)
download	brew-8f068a356dfe4769905d2487533b9e8124287098.tar.bz2