From 344a5021d8b4900aac189345a0e11820715c2560 Mon Sep 17 00:00:00 2001 From: Justin Krehel <39449589+krehel@users.noreply.github.com> Date: Wed, 3 Apr 2024 17:08:09 -0400 Subject: [PATCH] cask/audit.rb: update signing checks for app, binary, and pkg --- Library/Homebrew/cask/audit.rb | 18 +++++++++++++++--- .../Homebrew/unpack_strategy/uncompressed.rb | 2 +- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb index f2805902ef0f6..2a59251469202 100644 --- a/Library/Homebrew/cask/audit.rb +++ b/Library/Homebrew/cask/audit.rb @@ -482,13 +482,25 @@ def audit_signing odebug "Auditing signing" extract_artifacts do |artifacts, tmpdir| + is_container = artifacts.any? { |a| a.is_a?(Artifact::App) || a.is_a?(Artifact::Pkg) } + artifacts.each do |artifact| + next if artifact.is_a?(Artifact::Binary) && is_container == true + artifact_path = artifact.is_a?(Artifact::Pkg) ? artifact.path : artifact.source - path = tmpdir/artifact_path.relative_path_from(cask.staged_path) - next unless path.exist? + path = tmpdir/artifact_path.relative_path_from(cask.staged_path) - result = system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false) + result = case artifact + when Artifact::Pkg + system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false) + when Artifact::App + system_command("spctl", args: ["--assess", "--type", "execute", path], print_stderr: false) + when Artifact::Binary + system_command("codesign", args: ["--verify", path], print_stderr: false) + else + add_error "Unknown artifact type: #{artifact.class}", location: cask.url.location + end next if result.success? diff --git a/Library/Homebrew/unpack_strategy/uncompressed.rb b/Library/Homebrew/unpack_strategy/uncompressed.rb index 4d4e6896fa75b..fdde716dcbf4c 100644 --- a/Library/Homebrew/unpack_strategy/uncompressed.rb +++ b/Library/Homebrew/unpack_strategy/uncompressed.rb 
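Review bot: The `else` arm of the new `case artifact` assigns whatever `add_error` returns to `result`, and the following `next if result.success?` then calls `success?` on it; unless `add_error` returns a command result (not visible here), an unexpected artifact type would raise instead of being reported. Ending that arm with `next` after the `add_error` call keeps the error and skips the result check. Separately, `next if artifact.is_a?(Artifact::Binary) && is_container == true` skips every binary whenever the cask has any app or pkg artifact, so a binary staged outside that bundle or package would get no signature check. A comment such as `# binaries are skipped on the assumption that they live inside the app/pkg, which is assessed as a whole` would make that assumption explicit, and `== true` is redundant. `audit_signing` starts and ends outside the hunk.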
@@ -22,7 +22,7 @@ def extract_nestedly(to: nil, basename: nil, verbose: false, prioritize_extensio sig { override.params(unpack_dir: Pathname, basename: Pathname, verbose: T::Boolean).returns(T.untyped) } def extract_to_dir(unpack_dir, basename:, verbose: false) - FileUtils.cp path, unpack_dir/basename, preserve: true, verbose: + FileUtils.cp path, unpack_dir/basename.sub(/^[\da-f]{64}--/, ""), preserve: true, verbose: end end end
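Review bot: The pattern `/^[\da-f]{64}--/` in `extract_to_dir` anchors with `^`, which in Ruby matches at the start of any line rather than only at the start of the string; `\A` states the intent exactly: `FileUtils.cp path, unpack_dir/basename.sub(/\A[\da-f]{64}--/, ""), preserve: true, verbose:`. The line also needs a short comment saying what the 64-hex-digit `--` prefix is and why it is stripped from the copied file's name. It looks like a hash prefix added to cached downloads, but the hunk does not show that, so the comment should come from someone who can confirm it.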