Homebrew / homebrew-cask

🍻 A CLI workflow for the administration of macOS applications distributed as binaries
https://brew.sh
BSD 2-Clause "Simplified" License

Outdated or Compromised cask: MoneyMoney #42532

Closed nivoc closed 6 years ago

nivoc commented 6 years ago

https://github.com/caskroom/homebrew-cask/blob/master/Casks/moneymoney.rb

Version 2.3.3 is still the correct version. But the SHA of the zip file has changed. I wrote a mail to MoneyMoney to check if they changed the file or if it is compromised.

Expected: 67c8f64a237eea684553efbe2537912e3e1de44659e304566b42436272fff646
Actual: 270fd08dad1832220b0af627c3df4d9975e24996e8d9a36fd568543c25d16fa8

commitay commented 6 years ago

app is codesigned.

270fd08dad1832220b0af627c3df4d9975e24996e8d9a36fd568543c25d16fa8  moneymoney--2.3.3.zip
Executable=/Users/commitay/Library/Caches/Homebrew/Cask/MoneyMoney.app/Contents/MacOS/MoneyMoney
Identifier=com.moneymoney-app.retail
Format=app bundle with Mach-O universal (i386 x86_64)
CodeDirectory v=20200 size=96249 flags=0x0(none) hashes=3000+5 location=embedded
Signature size=4622
Authority=Developer ID Application: MRH applications GmbH (9BE2AB75LL)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=8 Dec 2017 at 00:39:46
Info.plist entries=34
TeamIdentifier=9BE2AB75LL
Sealed Resources version=2 rules=13 files=294
Internal requirements count=1 size=220

MoneyMoney.app: valid on disk
MoneyMoney.app: satisfies its Designated Requirement

nivoc commented 6 years ago

@commitay That means we can safely update the expected sha in brew to the new value?