Questions around developing a new cask for "microsoft-authentication-cli"

[keyuxuan]

Output of brew config

HOMEBREW_VERSION: 4.4.0-117-gbdb9ed0
ORIGIN: https://github.com/Homebrew/brew
HEAD: bdb9ed0531d50a973513692f50bb9071fe24557e
Last commit: 26 hours ago
Core tap HEAD: e90c2f0bbc16e51278233946852a5355948e0731
Core tap last commit: 2 weeks ago
Core tap branch: add-AzureAuth-to-Homebrew
Core tap JSON: 10 Oct 18:07 UTC
Core cask tap HEAD: 2d4945e0617b47704be1f61823578b7b04b1fcd1
Core cask tap last commit: 6 days ago
Core cask tap branch: add-microsoft-authentication-cli-to-homebrew-cask
Core cask tap JSON: 10 Oct 18:07 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 8
HOMEBREW_NO_AUTO_UPDATE: set
HOMEBREW_NO_INSTALL_FROM_API: set
HOMEBREW_SORBET_RUNTIME: set
Homebrew Ruby: 3.3.5 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.5/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 16.0.0 build 1600
Git: 2.39.5 => /Applications/Xcode.app/Contents/Developer/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.0.1-arm64
CLT: 16.0.0.0.1.1724870825
Xcode: 16.0
Rosetta 2: false

Output of brew doctor

Warning: You have uncommitted modifications to Homebrew/homebrew-core.
If this is a surprise to you, then you should stash these modifications.
Stashing returns Homebrew to a pristine state but can be undone
should you later need to do so for some reason.
  cd /opt/homebrew/Library/Taps/homebrew/homebrew-core && git stash -u && git clean -d -f


Uncommitted files:
  ?? Formula/m/microsoft-authentication-cli.rb


You have uncommitted modifications to Homebrew/homebrew-cask.
If this is a surprise to you, then you should stash these modifications.
Stashing returns Homebrew to a pristine state but can be undone
should you later need to do so for some reason.
  cd /opt/homebrew/Library/Taps/homebrew/homebrew-cask && git stash -u && git clean -d -f


Uncommitted files:
  ?? Casks/m/microsoft-authentication-cli.rb


Warning: Some taps are not on the default git origin branch and may not receive
updates. If this is a surprise to you, check out the default branch with:
  git -C $(brew --repo homebrew/core) checkout master
  git -C $(brew --repo homebrew/cask) checkout master

Description of issue

I am working on onboarding a new package (a CLI tool) microsoft-authentication-cli to Homebrew.

I tried to onboard microsoft-authentication-cli to Homebrew through cask. And I was able to install the package successfully on my mac machine by running brew install.

However, when i tried to run the cli commands, for example azureauth --version for the first time. I keep getting the warnings such as Apple could not verify "azureauth" is free of malware that may harm your mac or comporise your privacy. I have to go to settings -> privacy and security and press Allow Anyway for all those warnings in order to make the cli command work.

I have attached the cask script and some warning screenshots here.

Does anyone know why I am getting those warnings and how to bypass/fix those warnings so that I dont need to manually click the allow in settings -> privacy and security ?
Thanks for the help in advance.

cask "microsoft-authentication-cli" do

  version "0.8.6"

  arch arm: "arm64", intel: "x64"

  on_arm do

    sha256 "839476d45973fbb687e6bfccb8d546745d81d51a24608228a796045f97dfac43"

    url "[https://github.com/AzureAD/microsoft-authentication-cli/releases/download/#{version}/azureauth-#{version}-osx-arm64.tar.gz"](https://github.com/AzureAD/microsoft-authentication-cli/releases/download/#%7Bversion%7D/azureauth-#%7Bversion%7D-osx-arm64.tar.gz%22)

  end

  on_intel do

    sha256 "067e9ed42cc84d1da3159508fd280d3f63c4e6f5778ffc18c653d0d50ffd1ed1"

    url "[https://github.com/AzureAD/microsoft-authentication-cli/releases/download/#{version}/azureauth-#{version}-osx-x64.tar.gz"](https://github.com/AzureAD/microsoft-authentication-cli/releases/download/#%7Bversion%7D/azureauth-#%7Bversion%7D-osx-x64.tar.gz%22)

  end

  name "microsoft-authentication-cli"

  desc "Microsoft Authentication CLI tool"

  homepage "[https://github.com/AzureAD/microsoft-authentication-cli"](https://github.com/AzureAD/microsoft-authentication-cli%22)

  livecheck do

    url :url

    strategy :github_latest

  end

  binary "azureauth"

end

[gromgit]

The cask binaries need to be signed, but even after that, it'll almost certainly be rejected in the first round:

App is both open-source and CLI-only (i.e. it only uses the binary artifact). In that case, and in the spirit of deduplication, submit it first to homebrew/core as a formula that builds from source. If it is rejected, you may then try again as a cask (link to the issue from your pull request so we can see the discussion and reasoning for rejection).

[keyuxuan]

I actually did try to onboard microsoft-authentication-cli through homebrew formula at the beginning, but i ran into an error during first try. And I am not sure what was the best way to fix that

First Try with homebrew formula:

This is the formula script i tried, by using source code as url, and using curl and the installed script provided from microsoft-authentication-cli README file. curl -sL https://raw.githubusercontent.com/AzureAD/microsoft-authentication-cli/$AZUREAUTH_VERSION/install/install.sh | sh.

# Documentation: https://docs.brew.sh/Formula-Cookbook
#                https://rubydoc.brew.sh/Formula
# PLEASE REMOVE ALL GENERATED COMMENTS BEFORE SUBMITTING YOUR PULL REQUEST!
class MicrosoftAuthenticationCli < Formula
  desc "Command-line utility for Azure authentication"
  homepage "https://github.com/AzureAD/microsoft-authentication-cli"
  license "MIT"
  url "https://github.com/AzureAD/microsoft-authentication-cli/archive/refs/tags/0.8.6.tar.gz"
  sha256 "85ec767b496d3594ba06b02c693d0988a686fc6a6d68f2b11099dbb6db280ccb"

  def install
     version = "0.8.6"
     ENV["AZUREAUTH_VERSION"] = version
     ENV["AZUREAUTH_VERBOSE_INSTALL"] = "1"  #debug purpose, will remove
      
     system "curl", "-sL", "https://raw.githubusercontent.com/AzureAD/microsoft-authentication-cli/#{version}/install/install.sh", "-o", "install.sh"
     system "sh", "install.sh"
  end

  test do
    assert_match "0.8.6", shell_output("#{bin}/azureauth --version")
  end
end

I was getting an empty installation error for this. I tried to debug by invoking the installation script with verbose mode, and seems like it was trying to add azureauth to the .zshrc and bashrc file under a private path. However, if I run the installation script directly, it will always add azureauth to the .zshrc and bashrc file to the right path, which is under HOME path.

I suspect that when installing via Homebrew, it's running in a container-like environment, which might prevent azureauth from being added to the correct path.

Am I correct here? Or if you know how to fix this empty installation error, or make homebrew add azureauth to the right path?

==> curl -sL https://raw.githubusercontent.com/AzureAD/microsoft-authentication-cli/0.8.6/install/install.sh -o install.sh
==> sh install.sh
Installing using post-0.4.0 method
Creating /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth
Downloading https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-arm64.tar.gz to /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/azureauth-0.8.6-osx-arm64.tar.gz
Extracting /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/azureauth-0.8.6-osx-arm64.tar.gz to /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/0.8.6
Removing /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/azureauth-0.8.6-osx-arm64.tar.gz
Appending '/private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/0.8.6' to $PATH in /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.bashrc
Appending '/private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.azureauth/0.8.6' to $PATH in /private/tmp/microsoft-authentication-cli-20241015-78104-ae493e/microsoft-authentication-cli-0.8.6/.brew_home/.zshrc
Installed azureauth 0.8.6!
/usr/bin/env /opt/homebrew/Library/Homebrew/shims/shared/git --version
Error: Empty installation
/opt/homebrew/Library/Homebrew/formula_installer.rb:1013:in `build'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
/opt/homebrew/Library/Homebrew/formula_installer.rb:506:in `install'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
/opt/homebrew/Library/Homebrew/upgrade.rb:208:in `install_formula'
/opt/homebrew/Library/Homebrew/install.rb:359:in `install_formula'
/opt/homebrew/Library/Homebrew/install.rb:311:in `block in install_formulae'
/opt/homebrew/Library/Homebrew/install.rb:310:in `each'
/opt/homebrew/Library/Homebrew/install.rb:310:in `install_formulae'
/opt/homebrew/Library/Homebrew/cmd/install.rb:301:in `run'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/call_validation.rb:270:in `validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/gems/sorbet-runtime-0.5.11602/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
/opt/homebrew/Library/Homebrew/brew.rb:94:in `<main>'

Second Try with homebrew formula:

I also tried to use the release package link as the url, and use bin.install as the installation function. It was be able install microsoft-authentication-cli successfully.

# Documentation: https://docs.brew.sh/Formula-Cookbook
#                https://rubydoc.brew.sh/Formula
# PLEASE REMOVE ALL GENERATED COMMENTS BEFORE SUBMITTING YOUR PULL REQUEST!
class MicrosoftAuthenticationCli < Formula
  desc "Command-line utility for Azure authentication"
  homepage "[https://github.com/AzureAD/microsoft-authentication-cli"](https://github.com/AzureAD/microsoft-authentication-cli%22)
  license "MIT"
  on_macos do
    on_arm do
      url "[https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-arm64.tar.gz"](https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-arm64.tar.gz%22)
      sha256 "839476d45973fbb687e6bfccb8d546745d81d51a24608228a796045f97dfac43"
    end
    on_intel do
      url "[https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-x64.tar.gz"](https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-x64.tar.gz%22)
      sha256 "067e9ed42cc84d1da3159508fd280d3f63c4e6f5778ffc18c653d0d50ffd1ed1"
    end
  end
 
  def install
    bin.install Dir["./*"]
  end
 
  test do
    assert_match "0.8.6", shell_output("#{bin}/azureauth --version")
  end
end

However, when i run brew audit, I am getting errors like:

  * line 10, col 7: https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-arm64.tar.gz looks like a binary package, not a source archive; homebrew/core is source-only.
  * line 14, col 7: https://github.com/AzureAD/microsoft-authentication-cli/releases/download/0.8.6/azureauth-0.8.6-osx-x64.tar.gz looks like a binary package, not a source archive; homebrew/core is source-only.
  *   0.8.6 is a GitHub pre-release.
  * GitHub repository not notable enough (<30 forks, <30 watchers and <75 stars)

Thats why/how I then switched to onboard through homebrew cask with the release package link as the url and created the cask script as above.

[p-linnane]

Everything in Homebrew/core must be built from source. We do not accept pre-built binaries.

If you want to ship pre-built binaries, you can ad this to Homebrew/cask. However, if the binaries are not signed and notarized, then we will not be able to accept them. This is why you are seeing those pop ups. macOS is warning you that the binaries are unsigned and can't be verified. This is an OS-level control.

[keyuxuan]

The binaries actually have been signed in our release pipeline for this package. So i am not sure why i am still seeing those pop ups..

[p-linnane]

I'm referring to signing and notarizing as it relates to macOS: https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution