Homebrew · reitermarkus · Sep 5, 2018 · Sep 4, 2018
diff --git a/Library/Homebrew/cask/verify.rb b/Library/Homebrew/cask/verify.rb
@@ -1,31 +1,24 @@
-require "cask/verify/checksum"
-
 module Hbc
   module Verify
     module_function
 
-    def verifications
-      [
-        Hbc::Verify::Checksum,
-      ]
-    end
-
     def all(cask, downloaded_path)
-      odebug "Verifying download"
-      verifications = for_cask(cask)
-      odebug "#{verifications.size} verifications defined", verifications
-      verifications.each do |verification|
-        odebug "Running verification of class #{verification}"
-        verification.new(cask, downloaded_path).verify
+      if cask.sha256 == :no_check
+        ohai "No SHA-256 checksum defined for Cask '#{cask}', skipping verification."
+        return
       end
-    end
 
-    def for_cask(cask)
-      odebug "Determining which verifications to run for Cask #{cask}"
-      verifications.select do |verification|
-        odebug "Checking for verification class #{verification}"
-        verification.me?(cask)
-      end
+      ohai "Verifying SHA-256 checksum for Cask '#{cask}'."
+
+      expected = cask.sha256
+      computed = downloaded_path.sha256
+
+      raise CaskSha256MissingError.new(cask.token, expected, computed) if expected.nil? || expected.empty?
+
+      return if expected == computed
+
+      ohai "Note: Running `brew update` may fix SHA-256 checksum errors."
+      raise CaskSha256MismatchError.new(cask.token, expected, computed, downloaded_path)
     end
   end
 end
diff --git a/Library/Homebrew/cask/verify/checksum.rb b/Library/Homebrew/cask/verify/checksum.rb
diff --git a/Library/Homebrew/test/cask/verify/checksum_spec.rb b/Library/Homebrew/test/cask/verify/checksum_spec.rb
diff --git a/Library/Homebrew/test/cask/verify_spec.rb b/Library/Homebrew/test/cask/verify_spec.rb
@@ -1,63 +1,52 @@
-describe Hbc::Verify, :cask do
-  let(:cask) { double("cask") }
-
-  let(:verification_classes) {
-    [
-      applicable_verification_class,
-      inapplicable_verification_class,
-    ]
-  }
-
-  let(:applicable_verification_class) {
-    double("applicable_verification_class", me?: true)
-  }
-
-  let(:inapplicable_verification_class) {
-    double("inapplicable_verification_class", me?: false)
-  }
-
-  before do
-    allow(described_class).to receive(:verifications)
-      .and_return(verification_classes)
-  end
+module Hbc
+  describe Verify, :cask do
+    describe "::all" do
+      subject(:verification) { described_class.all(cask, downloaded_path) }
+      let(:cask) { instance_double(Cask, token: "cask", sha256: expected_sha256) }
+      let(:cafebabe) { "cafebabecafebabecafebabecafebabecafebabecafebabecafebabecafebabe" }
+      let(:deadbeef) { "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef" }
+      let(:computed_sha256) { cafebabe }
+      let(:downloaded_path) { instance_double(Pathname, sha256: computed_sha256) }
+
+      context "when the expected checksum is :no_check" do
+        let(:expected_sha256) { :no_check }
+
+        it "skips the check" do
+          expect { verification }.to output(/skipping verification/).to_stdout
+        end
+      end
 
-  describe ".for_cask" do
-    subject { described_class.for_cask(cask) }
+      context "when expected and computed checksums match" do
+        let(:expected_sha256) { cafebabe }
 
-    it "checks applicability of each verification" do
-      verification_classes.each do |verify_class|
-        expect(verify_class).to receive(:me?).with(cask)
+        it "does not raise an error" do
+          expect { verification }.not_to raise_error
+        end
       end
-      subject
-    end
 
-    it "includes applicable verifications" do
-      expect(subject).to include(applicable_verification_class)
-    end
+      context "when the expected checksum is nil" do
+        let(:expected_sha256) { nil }
 
-    it "excludes inapplicable verifications" do
-      expect(subject).not_to include(inapplicable_verification_class)
-    end
-  end
+        it "raises an error" do
+          expect { verification }.to raise_error CaskSha256MissingError
+        end
+      end
 
-  describe ".all" do
-    subject { described_class.all(cask, downloaded_path) }
+      context "when the expected checksum is empty" do
+        let(:expected_sha256) { "" }
 
-    let(:downloaded_path) { double("downloaded_path") }
-    let(:applicable_verification) { double("applicable_verification") }
-    let(:inapplicable_verification) { double("inapplicable_verification") }
+        it "raises an error" do
+          expect { verification }.to raise_error CaskSha256MissingError
+        end
+      end
 
-    before do
-      allow(applicable_verification_class).to receive(:new)
-        .and_return(applicable_verification)
-      allow(inapplicable_verification_class).to receive(:new)
-        .and_return(inapplicable_verification)
-    end
+      context "when expected and computed checksums do not match" do
+        let(:expected_sha256) { deadbeef }
 
-    it "runs only applicable verifications" do
-      expect(applicable_verification).to receive(:verify)
-      expect(inapplicable_verification).not_to receive(:verify)
-      subject
+        it "raises an error" do
+          expect { verification }.to raise_error CaskSha256MismatchError
+        end
+      end
     end
   end
 end