Error: The bottle for popt has an invalid build provenance attestation.

Mrered commented 1 month ago

`brew gist-logs <formula>` link OR `brew config` AND `brew doctor` output

❯ brew gist-logs popt
Error: No logs.
❯ brew config
HOMEBREW_VERSION: 4.3.9-376-gcc32d08-dirty
ORIGIN: https://github.com/Homebrew/brew
HEAD: cc32d08c41a85fee405aeff9fab434beeb910922
Last commit: 2 hours ago
Core tap HEAD: db3f94ff11b37d0bf31019a6cb2fbae2b2a0ea4e
Core tap last commit: 62 minutes ago
Core tap JSON: 24 Jul 19:23 UTC
Core cask tap origin: https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-cask.git
Core cask tap HEAD: e74521db8c5a6aa8904e8a4b5ce2e4b6d19a81ff
Core cask tap last commit: 65 minutes ago
Core cask tap JSON: 24 Jul 19:23 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_AUTO_UPDATE_SECS: 604800
HOMEBREW_BOTTLE_DOMAIN: https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles/
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 8
HOMEBREW_SORBET_RUNTIME: set
Homebrew Ruby: 3.3.4 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.4/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 15.0.0 build 1500
Git: 2.39.3 => /Library/Developer/CommandLineTools/usr/bin/git
Curl: 8.6.0 => /usr/bin/curl
macOS: 14.5-arm64
CLT: 15.3.0.0.1.1708646388
Xcode: N/A
Rosetta 2: false

Verification

[X] My brew doctor output says Your system is ready to brew. and am still able to reproduce my issue.
[X] I ran brew update and am still able to reproduce my issue.
[X] I have resolved all warnings from brew doctor and that did not fix my problem.
[X] I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

brew install rsync

What happened (include all command output)?

❯ brew install rsync
==> Fetching dependencies for rsync: popt and xxhash
==> Fetching popt
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//popt-1.19
######################################################################### 100.0%
==> Fetching xxhash
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//xxhash-0.
######################################################################### 100.0%
==> Fetching rsync
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//rsync-3.3
######################################################################### 100.0%
==> Installing dependencies for rsync: popt and xxhash
==> Installing rsync dependency: popt
==> Verifying attestation for popt
Error: The bottle for popt has an invalid build provenance attestation.

This may indicate that the bottle was not produced by the expected
tap, or was maliciously inserted into the expected tap's bottle
storage.

Additional context:

no attestation matches subject

What did you expect to happen?

I think rsync will be installed correctly.

Step-by-step reproduction instructions (by running `brew` commands)

As above.

SMillerDev commented 1 month ago

Duplicate of https://github.com/Homebrew/homebrew-core/issues/177384

Mrered commented 1 month ago

❯ HOMEBREW_NO_VERIFY_ATTESTATIONS=1 brew install rsync
==> Fetching dependencies for rsync: popt and xxhash
==> Fetching popt
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//popt-1.19
Already downloaded: /Users/mrered/Library/Caches/Homebrew/downloads/207e32b3b9a7639c205537adf3727d026fa871760fce05273bca16f4b448d5c8--popt-1.19.arm64_sonoma.bottle.tar.gz
==> Fetching xxhash
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//xxhash-0.
Already downloaded: /Users/mrered/Library/Caches/Homebrew/downloads/98fc58372a12d72a9e41e71a4f389d52d0b442ce5aa2d0f0fba96f251e301b5b--xxhash-0.8.2.arm64_sonoma.bottle.tar.gz
==> Fetching rsync
==> Downloading https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles//rsync-3.3
Already downloaded: /Users/mrered/Library/Caches/Homebrew/downloads/93291f2a4b5be12bdd7747813bd89e5e09e86f589776696188e22205245dc636--rsync-3.3.0.arm64_sonoma.bottle.tar.gz
==> Installing dependencies for rsync: popt and xxhash
==> Installing rsync dependency: popt
==> Pouring popt-1.19.arm64_sonoma.bottle.tar.gz
🍺  /opt/homebrew/Cellar/popt/1.19: 11 files, 193.1KB
==> Installing rsync dependency: xxhash
==> Pouring xxhash-0.8.2.arm64_sonoma.bottle.tar.gz
🍺  /opt/homebrew/Cellar/xxhash/0.8.2: 22 files, 465.3KB
==> Installing rsync
==> Pouring rsync-3.3.0.arm64_sonoma.bottle.tar.gz
🍺  /opt/homebrew/Cellar/rsync/3.3.0: 12 files, 1MB
==> Running `brew cleanup rsync`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).

Mrered commented 1 month ago

@SMillerDev Thank you for reminding me, I'm sorry that I only searched for the keyword "popt". 😢

woodruffw commented 1 month ago

Hi @Mrered, thanks for filing. I'll follow up in #177384.

Homebrew / homebrew-core

Error: The bottle for popt has an invalid build provenance attestation. #178345

`brew gist-logs <formula>` link OR `brew config` AND `brew doctor` output

Verification

What were you trying to do (and why)?

What happened (include all command output)?

What did you expect to happen?

Step-by-step reproduction instructions (by running `brew` commands)

Homebrew / homebrew-core

Error: The bottle for popt has an invalid build provenance attestation. #178345

brew gist-logs <formula> link OR brew config AND brew doctor output

Verification

What were you trying to do (and why)?

What happened (include all command output)?

What did you expect to happen?

Step-by-step reproduction instructions (by running brew commands)

`brew gist-logs <formula>` link OR `brew config` AND `brew doctor` output

Step-by-step reproduction instructions (by running `brew` commands)