Currently, if formula `foo` ships both universal and non-native
binaries and `foo` is on both allowlists, then `brew audit --strict`
errors out with an empty error message:
❯ brew audit --strict foo
foo:
*
Error: 1 problem in 1 formula detected
Let's fix this (admittedly obscure) corner case by returning early when
a formula is present on both allowlists.
This will make the error more informative by showing the architecture a
binary was built for along with the error message.
Before:
foo:
* Binaries built for an incompatible architecture were installed into foo's prefix.
The offending files are:
/usr/local/Cellar/foo/1.0/lib/libbar.dylib
/usr/local/Cellar/foo/1.0/lib/libfoo.dylib
/usr/local/Cellar/foo/1.0/lib/libincompatible.dylib
Unexpected universal binaries were found.
The offending files are:
/usr/local/Cellar/foo/1.0/lib/liball.dylib
/usr/local/Cellar/foo/1.0/lib/libuniversal.dylib
After:
foo:
* Binaries built for a non-native architecture were installed into foo's prefix.
The offending files are:
/usr/local/Cellar/foo/1.0/lib/libbar.dylib (i386)
/usr/local/Cellar/foo/1.0/lib/libfoo.dylib (arm64)
/usr/local/Cellar/foo/1.0/lib/libincompatible.dylib (universal)
Unexpected universal binaries were found.
The offending files are:
/usr/local/Cellar/foo/1.0/lib/liball.dylib
/usr/local/Cellar/foo/1.0/lib/libuniversal.dylib
The `check_binary_arches` audit will fail any formula that produces
universal binaries. We have a handful of formulae in Homebrew/core that
do this (see any formula that does `ENV.permit_arch_flags`, for
example). Moreover, some third party taps may have their own formulae
that build universal binaries.
I've updated the check so that it ignores a formula that produces
universal binaries whenever the formula is in the appropriate allowlist.
We'll need to create one in Homebrew/core for the handful of formulae
that do (expectedly) build universal binaries.
If we don't want to maintain an allowlist, we can easily modify this to
pass over any formulae that builds compatible universal binaries.
I've also fixed the spacing of the error this audit produces whenever
there is more than one file that fails the audit.
There have been a few instances I've noticed that we've been silently
installing binaries built for x86_64 on ARM. There's probably more that
I haven't found yet, so it seems useful to check this with an audit.
The output format of `objdump` on Mojave is different from newer
versions of macOS, so I've adjusted the relevant audit to account for
this difference.
- Refuse to create bottles which have non-relocatable references to
`HOMEBREW_LIBRARY`. This allows us to make all bottles ignore where
`HOMEBREW_REPOSITORY` is (even those that aren't `cellar :any`).
I cannot see any circumstances in which any bottle should link to
anything within `HOMEBREW_REPOSITORY`.
- Remove audit that becomes unnecessary given the above change.
- Relocate references to `@HOMEBREW_LIBRARY@` but don't actually write
any references yet. This will allow us to move to using
`@HOMEBREW_LIBRARY` and remove all relocation of `HOMEBREW_REPOSITORY`
in a future release (2.7.1, most likely).
This avoids an unusual error message when Python is needed for building
(e.g., code generation) but is not used at runtime.
```
==> brew audit recode --online
Error: 1 problem in 1 formula detected
recode:
* Packages have been installed for:
but this formula depends on:
Python 3.7
```
