audit: Check if uses_from_macos usage is correct

[issyl0]

• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same change?
• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you written new tests for your changes? Here's an example.
• Have you successfully run brew style with your changes locally?
• Have you successfully run brew tests with your changes locally?

---

• This resurrects audit: uses_from_macos only uses macOS software #6265 by @jonchang and brings it up to date.
• We need to know whether all the uses_from_macos usage is legit, so we check against a safelist of dependencies that we know to ship with macOS.

[issyl0]

OK, via abusing problem as a way to output stuff to the console (no amount of ohai with --verbose or --debug worked, and I couldn't get pry to trigger), I've found why some dependencies output as an empty string while others are fine:

problem "#{parameters(method).first.inspect}"

leads to:

nettle:
  * C: 19: col 3: FormulaAuditStrict/UsesFromMacos: s(:hash,
      s(:pair,
        s(:str, "m4"),
        s(:sym, :build)))
newt:
  * C: 19: col 3: FormulaAuditStrict/UsesFromMacos: s(:str, "python")

Now to work out how to handle the hash elements... 🤔

[issyl0]

With the current code, I get Error: 85 problems in 85 formulae detected. I think that sounds vaguely plausible?

[MikeMcQuaid]

Yeh, sounds about right. You can use brew style homebrew/core --only-cops=FormulaStrictAudit/Urls to run just that RuboCop (which should be much faster). Additionally: what do you think about this being a non-strict cop?

Once tests are 💚 (or if you need help getting them there): give me a shout and I'll review!

[issyl0]

The strict vs. non-strict cop was discussed in the original review and it was decided to make it a strict cop because of reliability concerns.

But that was back in July 2019, and uses_from_macos is way more widely used now, so I think a non-strict cop is good. I'll work on it later! Thanks, Mike.

[MikeMcQuaid]

The strict vs. non-strict cop was discussed in the original review and it was decided to make it a strict cop because of reliability concerns.

👍. I'm confident this approach will be sufficiently robust.

[issyl0]

The one remaining style failure is:

Library/Homebrew/test/rubocops/uses_from_macos_spec.rb:5:1: C: RSpec/FilePath: Spec path should end with rubocop/cop/formula_audit/uses_from_macos*_spec.rb.
describe RuboCop::Cop::FormulaAudit::UsesFromMacos do
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

756 files inspected, 1 offense detected

After I've figured out how to fix this, I'll squash the commits and this'll be ready for review.

The results when running brew audit --only-cops=FormulaAudit/UsesFromMacos are different on macOS compared to Linux (there's more output on Linux). I guess this is because we're (oh god) not done with syncing uses_from_macos to Homebrew/homebrew-core yet. We can add more to the safelist when we come across them, I guess.

[MikeMcQuaid]

We can add more to the safelist when we come across them, I guess.

👍

[issyl0]

@MikeMcQuaid and anyone else: I squashed the commits, CI is 💚and this is ready for review, please!

[MikeMcQuaid]

Thanks again @issyl0, great work!