This fixes an issue where at least in Xcode 11.0, `make` uses
`/var/tmp` as a fallback for temporary files unless `TMPDIR` is set:
```
$ strings "$(xcrun -f make)" | grep -B 3 fopen
TMPDIR
/var/tmp/
GmXXXXXX
fopen (temporary file)
```
Given that Homebrew filtered `TMPDIR`, and the `/var/tmp` directory may
not be writable for non-root users, this would cause Homebrew’s
build environment to error out:
```
$ brew ruby -e 'puts ENV["TMPDIR"]; puts `: | make -f -`'
```
```
Ignoring bigdecimal-2.0.0 because its extensions are not built. Try: gem pristine bigdecimal --version 2.0.0
[…]
Ignoring zlib-1.1.0 because its extensions are not built. Try: gem pristine zlib --version 1.1.0
make: *** fopen (temporary file): Permission denied. Stop.
```
In practice, this would break `brew audit`, `brew style`, and other
commands, which would run `make` to build native gem extensions.
This commit sets `TMPDIR` to `${HOMEBREW_TEMP}` in the gem environment, which
mirrors the behaviour we already have in other places.
We choose `HOMEBREW_TEMP` because that’s user-controlled but also falls
back to `/tmp` in case `TMPDIR` is not set in the user’s environment.
Thanks to Bo Anderson for helping find the bug.
CC: Bo Anderson <mail@boanderson.me>
Explain when these various versions should (and should not) be bumped
and provide a method to avoid people having to schlep through the Apple
Developer site unless they really want to.
Also, while we're here, DRY things up and reorder to "newest first".
If `HOMEBREW_GITHUB_API_TOKEN` is not set and `GITHUB_TOKEN` is: let's
use it. `GITHUB_TOKEN` is a somewhat standard env var to set for
GitHub authentication tokens (e.g. used by `hub`).
cli/parser but for environment variables. This makes it easier to set,
check, document and set defaults for environment variables in a single
location that can be used for query and documentation generation.
- This builds on @jonchang's work that started in #6265.
- We now use `uses_from_macos` to declare dependencies that are implicit
on macOS because they ship with macOS, but they're needed on Linux. We
have to be sure that the dependencies people specify as
`uses_from_macos` are actually shipped with macOS. So, we maintain a
safelist of those dependencies and check against it.
- Also add more legitimate `uses_from_macos` dependencies to the list.
- This is runnable with `brew audit --only-cops=FormulaAudit/UsesFromMacos`.
- It produces different number of failures on macOS vs. Linux, because
apparently we've not synced Homebrew/linuxbrew-core upstream thoroughly
enough yet.
- Originally this was designed as a `--strict` audit, but we flipped it
to be a normal audit because - to quote Mike - this is "sufficiently
robust" now.
