All packages from 4.1.23 and up are unnotarized

ianmmyers commented 7 months ago

[ ] your problem was from running the official install or uninstall script? The issue is with using the installer pkg
[ ] after installation: ran brew config and brew doctor and included their output with your issue? If you couldn't install: provided your OS version with the output of your issue? OS version - Sonoma 14.3

output when trying to install via Installomator 2024-01-25 13:09:27 : ERROR : homebrew : ERROR: Error verifying Homebrew.pkg error: Homebrew.pkg: rejected source=Unnotarized Developer ID origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)

What you were trying to do (and why)

Install the latest version of Homebrew using the Installomator script, via my company's Jamf instance

What happened (include command output)

Command output


2024-01-25 13:09:27 : ERROR : homebrew : ERROR: Error verifying Homebrew.pkg error:
Homebrew.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)

What you expected to happen

The package would install

Step-by-step reproduction instructions (by running `brew` commands)

unable to use 'brew' as it failed to install

NOTE: This issue is NOT with Installomator, but is the package itself. I verified this by downloading several recent packages and did the following

Command output

6802-IMY-1:Downloads imy$ spctl -a -vvv -t install ./Homebrew-4.2.5.pkg
./Homebrew-4.2.5.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)
6802-IMY-1:Downloads imy$ spctl -a -vvv -t install ./Homebrew-4.2.4.pkg
./Homebrew-4.2.4.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)
6802-IMY-1:Downloads imy$ spctl -a -vvv -t install ./Homebrew-4.1.22.pkg
./Homebrew-4.1.22.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)
6802-IMY-1:Downloads imy$ spctl -a -vvv -t install ./Homebrew-4.1.23.pkg
./Homebrew-4.1.23.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)

As demonstrated, notarization was last present on 4.1.22 and every subsequent package has it missing.

MikeMcQuaid commented 7 months ago

Cannot reproduce:

$ spctl -a -vvv -t install ./Homebrew-4.2.5.pkg
./Homebrew-4.2.5.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: Mike McQuaid (6248TWFRH6)

https://github.com/Homebrew/brew/actions/runs/7610923483/job/20735439191 also confirms this was notarised successfully.

MikeMcQuaid commented 7 months ago

Will reopen if any other maintainers can reproduce this.

Bo98 commented 7 months ago

This might happen if Gatekeeper can't connect to the online notary service to fetch the ticket. We currently don't staple the ticket to the pkg for offline validation but we probably should.

ianmmyers commented 7 months ago

Thanks @MikeMcQuaid and @Bo98

It's certainly something on my end and am digging through logs to identify. If I am connected to our corporate network I have the issue, whereas if I connect to a hotspot I don't. I'm working to get the details now for my network teak to investigate and fix.

Homebrew / install