homebrew-core/Formula/libressl.rb

129 lines
4.3 KiB
Ruby

class Libressl < Formula
desc "Version of the SSL/TLS protocol forked from OpenSSL"
homepage "https://www.libressl.org/"
# Please ensure when updating version the release is from stable branch.
url "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz"
mirror "https://mirrorservice.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz"
sha256 "acfac61316e93b919c28d62d53037ca734de85c46b4d703f19fd8395cf006774"
license "OpenSSL"
livecheck do
url :homepage
regex(/latest stable release is (\d+(?:\.\d+)+)/i)
end
bottle do
sha256 arm64_ventura: "5d52c80e347fe885c220befda3d0b06ceadb0c69d5d38ea411824e5522984e7f"
sha256 arm64_monterey: "e1e190218aef455cd898452faa0940169b778c6aed71da43c52418811a15aea5"
sha256 arm64_big_sur: "4bdc1402b982264a82b00a293ddc06d3689e1aef4705409c04c0b31042e7cdfb"
sha256 ventura: "aa9702299ec81740d7122b70677eaf676670c05115a3e2c2e4fef9abfa11597f"
sha256 monterey: "d53e3985174b4ea5b1b8eef8aada76a2a92da4aa34842c9449968ae5a49b860d"
sha256 big_sur: "0b026cac08005c9536917bbc131fefb01225b622381a372d3bbcac40e135b320"
sha256 catalina: "97468dafe7be4c434641c85ab2679209304905c84761e75b2160877aaacb48ae"
sha256 x86_64_linux: "3e515757befa20efb729f8f9a97d3eaf1647d5de7ba804349d24d2e00bec053d"
end
head do
url "https://github.com/libressl-portable/portable.git", branch: "master"
depends_on "autoconf" => :build
depends_on "automake" => :build
depends_on "libtool" => :build
end
keg_only :provided_by_macos
on_linux do
keg_only "it conflicts with OpenSSL formula"
end
def install
args = %W[
--disable-dependency-tracking
--disable-silent-rules
--prefix=#{prefix}
--with-openssldir=#{etc}/libressl
--sysconfdir=#{etc}/libressl
]
system "./autogen.sh" if build.head?
system "./configure", *args
system "make"
system "make", "install"
end
def post_install
if OS.mac?
ohai "Regenerating CA certificate bundle from keychain, this may take a while..."
keychains = %w[
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
]
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
certs = certs_list.scan(
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
)
# Check that the certificate has not expired
valid_certs = certs.select do |cert|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout &>/dev/null", "w") do |openssl_io|
openssl_io.write(cert)
openssl_io.close_write
end
$CHILD_STATUS.success?
end
# Check that the certificate is trusted in keychain
trusted_certs = begin
tmpfile = Tempfile.new
valid_certs.select do |cert|
tmpfile.rewind
tmpfile.write cert
tmpfile.truncate cert.size
tmpfile.flush
IO.popen("/usr/bin/security verify-cert -l -L -R offline -c #{tmpfile.path} &>/dev/null")
$CHILD_STATUS.success?
end
ensure
tmpfile&.close!
end
# LibreSSL install a default pem - We prefer to use macOS for consistency.
rm_f %W[#{etc}/libressl/cert.pem #{etc}/libressl/cert.pem.default]
(etc/"libressl/cert.pem").atomic_write(trusted_certs.join("\n") << "\n")
end
end
def caveats
<<~EOS
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
#{etc}/libressl/certs
and run
#{opt_bin}/openssl certhash #{etc}/libressl/certs
EOS
end
test do
# Make sure the necessary .cnf file exists, otherwise LibreSSL gets moody.
assert_predicate HOMEBREW_PREFIX/"etc/libressl/openssl.cnf", :exist?,
"LibreSSL requires the .cnf file for some functionality"
# Check LibreSSL itself functions as expected.
(testpath/"testfile.txt").write("This is a test file")
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
open("checksum.txt") do |f|
checksum = f.read(100).split("=").last.strip
assert_equal checksum, expected_checksum
end
end
end