129 lines
4.3 KiB
Ruby
129 lines
4.3 KiB
Ruby
class Libressl < Formula
|
|
desc "Version of the SSL/TLS protocol forked from OpenSSL"
|
|
homepage "https://www.libressl.org/"
|
|
# Please ensure when updating version the release is from stable branch.
|
|
url "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz"
|
|
mirror "https://mirrorservice.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz"
|
|
sha256 "acfac61316e93b919c28d62d53037ca734de85c46b4d703f19fd8395cf006774"
|
|
license "OpenSSL"
|
|
|
|
livecheck do
|
|
url :homepage
|
|
regex(/latest stable release is (\d+(?:\.\d+)+)/i)
|
|
end
|
|
|
|
bottle do
|
|
sha256 arm64_ventura: "5d52c80e347fe885c220befda3d0b06ceadb0c69d5d38ea411824e5522984e7f"
|
|
sha256 arm64_monterey: "e1e190218aef455cd898452faa0940169b778c6aed71da43c52418811a15aea5"
|
|
sha256 arm64_big_sur: "4bdc1402b982264a82b00a293ddc06d3689e1aef4705409c04c0b31042e7cdfb"
|
|
sha256 ventura: "aa9702299ec81740d7122b70677eaf676670c05115a3e2c2e4fef9abfa11597f"
|
|
sha256 monterey: "d53e3985174b4ea5b1b8eef8aada76a2a92da4aa34842c9449968ae5a49b860d"
|
|
sha256 big_sur: "0b026cac08005c9536917bbc131fefb01225b622381a372d3bbcac40e135b320"
|
|
sha256 catalina: "97468dafe7be4c434641c85ab2679209304905c84761e75b2160877aaacb48ae"
|
|
sha256 x86_64_linux: "3e515757befa20efb729f8f9a97d3eaf1647d5de7ba804349d24d2e00bec053d"
|
|
end
|
|
|
|
head do
|
|
url "https://github.com/libressl-portable/portable.git", branch: "master"
|
|
|
|
depends_on "autoconf" => :build
|
|
depends_on "automake" => :build
|
|
depends_on "libtool" => :build
|
|
end
|
|
|
|
keg_only :provided_by_macos
|
|
|
|
on_linux do
|
|
keg_only "it conflicts with OpenSSL formula"
|
|
end
|
|
|
|
def install
|
|
args = %W[
|
|
--disable-dependency-tracking
|
|
--disable-silent-rules
|
|
--prefix=#{prefix}
|
|
--with-openssldir=#{etc}/libressl
|
|
--sysconfdir=#{etc}/libressl
|
|
]
|
|
|
|
system "./autogen.sh" if build.head?
|
|
system "./configure", *args
|
|
system "make"
|
|
system "make", "install"
|
|
end
|
|
|
|
def post_install
|
|
if OS.mac?
|
|
ohai "Regenerating CA certificate bundle from keychain, this may take a while..."
|
|
|
|
keychains = %w[
|
|
/Library/Keychains/System.keychain
|
|
/System/Library/Keychains/SystemRootCertificates.keychain
|
|
]
|
|
|
|
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
|
|
certs = certs_list.scan(
|
|
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
|
|
)
|
|
|
|
# Check that the certificate has not expired
|
|
valid_certs = certs.select do |cert|
|
|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout &>/dev/null", "w") do |openssl_io|
|
|
openssl_io.write(cert)
|
|
openssl_io.close_write
|
|
end
|
|
|
|
$CHILD_STATUS.success?
|
|
end
|
|
|
|
# Check that the certificate is trusted in keychain
|
|
trusted_certs = begin
|
|
tmpfile = Tempfile.new
|
|
|
|
valid_certs.select do |cert|
|
|
tmpfile.rewind
|
|
tmpfile.write cert
|
|
tmpfile.truncate cert.size
|
|
tmpfile.flush
|
|
IO.popen("/usr/bin/security verify-cert -l -L -R offline -c #{tmpfile.path} &>/dev/null")
|
|
|
|
$CHILD_STATUS.success?
|
|
end
|
|
ensure
|
|
tmpfile&.close!
|
|
end
|
|
|
|
# LibreSSL install a default pem - We prefer to use macOS for consistency.
|
|
rm_f %W[#{etc}/libressl/cert.pem #{etc}/libressl/cert.pem.default]
|
|
(etc/"libressl/cert.pem").atomic_write(trusted_certs.join("\n") << "\n")
|
|
end
|
|
end
|
|
|
|
def caveats
|
|
<<~EOS
|
|
A CA file has been bootstrapped using certificates from the SystemRoots
|
|
keychain. To add additional certificates (e.g. the certificates added in
|
|
the System keychain), place .pem files in
|
|
#{etc}/libressl/certs
|
|
|
|
and run
|
|
#{opt_bin}/openssl certhash #{etc}/libressl/certs
|
|
EOS
|
|
end
|
|
|
|
test do
|
|
# Make sure the necessary .cnf file exists, otherwise LibreSSL gets moody.
|
|
assert_predicate HOMEBREW_PREFIX/"etc/libressl/openssl.cnf", :exist?,
|
|
"LibreSSL requires the .cnf file for some functionality"
|
|
|
|
# Check LibreSSL itself functions as expected.
|
|
(testpath/"testfile.txt").write("This is a test file")
|
|
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
|
|
system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
|
|
open("checksum.txt") do |f|
|
|
checksum = f.read(100).split("=").last.strip
|
|
assert_equal checksum, expected_checksum
|
|
end
|
|
end
|
|
end
|