audit: check for master branch tar/zipballs.

These have unstable checksums and aren't the tagged, stable releases we require.
author: Mike McQuaid 2016-10-29 17:52:13 -0400
committer: Mike McQuaid 2016-10-29 17:52:13 -0400
commit: 337810bf3ee19aed4cc1bac3489bf269ead246fd (patch)
tree: f5f4887ac31819b911ff217a6744a791dbc97d35 /Library
parent: 0c140f0970c4d4de81e8233913daa7fc768defad (diff)
download: brew-337810bf3ee19aed4cc1bac3489bf269ead246fd.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 12eaf9167..2c5fdcc95 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -1288,6 +1288,11 @@ class ResourceAuditor
       problem "Please use https:// for #{u}"
     end
 
+    # Check for master branch GitHub archives.
+    urls.grep(%r{^https://github\.com/.*archive/master\.(tar\.gz|zip)$}) do
+      problem "Use versioned rather than branch tarballs for stable checksums."
+    end
+
     # Use new-style archive downloads
     urls.each do |u|
       next unless u =~ %r{https://.*github.*/(?:tar|zip)ball/} && u !~ /\.git$/
author	Mike McQuaid	2016-10-29 17:52:13 -0400
committer	Mike McQuaid	2016-10-29 17:52:13 -0400
commit	337810bf3ee19aed4cc1bac3489bf269ead246fd (patch)
tree	f5f4887ac31819b911ff217a6744a791dbc97d35 /Library
parent	0c140f0970c4d4de81e8233913daa7fc768defad (diff)
download	brew-337810bf3ee19aed4cc1bac3489bf269ead246fd.tar.bz2