sundowndev
/
homebrew-core
mirror of https://github.com/sundowndev/homebrew-core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
homebrew-core/Formula/libressl.rb

128 lines
4.2 KiB
Ruby
Raw Blame History

class Libressl < Formula
desc "Version of the SSL/TLS protocol forked from OpenSSL"
homepage "https://www.libressl.org/"
# Please ensure when updating version the release is from stable branch.
url "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2.tar.gz"
mirror "https://mirrorservice.org/pub/OpenBSD/LibreSSL/libressl-3.4.2.tar.gz"
sha256 "cb82ca7d547336917352fbd23db2fc483c6c44d35157b32780214ec74197b3ce"
license "OpenSSL"
livecheck do
url :homepage
regex(/latest stable release is (\d+(?:\.\d+)+)/i)
end
bottle do
sha256 arm64_monterey: "932d4139fd7c519e637555dcd7646ce074410dfe819cf1e959582e92e9d2629b"
sha256 arm64_big_sur: "0b41497bd24cafddac59ad896f3bd0651f809368ec7a273a9a587c7be25c66ec"
sha256 monterey: "99dcff0a05aa91c512cc84634da127314e18965a5415cfc5bf89cfac2d11f525"
sha256 big_sur: "ab9076500642384eb5af15e8e89e5a2c08c0cbd61286cf7d53770d777995a6cd"
sha256 catalina: "4fbe195f7dd1c0456912892a6dd2f91a3e53601b3f26a8352bbf58951d92eee1"
sha256 x86_64_linux: "2a795ad39e27b921e4afd4e9a2e65cd04ddb86ba49193eaf8826349ab3c4e9e1"
end
head do
url "https://github.com/libressl-portable/portable.git"
depends_on "autoconf" => :build
depends_on "automake" => :build
depends_on "libtool" => :build
end
keg_only :provided_by_macos
on_linux do
keg_only "it conflicts with OpenSSL formula"
end
def install
args = %W[
--disable-dependency-tracking
--disable-silent-rules
--prefix=#{prefix}
--with-openssldir=#{etc}/libressl
--sysconfdir=#{etc}/libressl
]
system "./autogen.sh" if build.head?
system "./configure", *args
system "make"
system "make", "check"
system "make", "install"
end
def post_install
if OS.mac?
ohai "Regenerating CA certificate bundle from keychain, this may take a while..."
keychains = %w[
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
]
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
certs = certs_list.scan(
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
)
# Check that the certificate has not expired
valid_certs = certs.select do |cert|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout &>/dev/null", "w") do |openssl_io|
openssl_io.write(cert)
openssl_io.close_write
end
$CHILD_STATUS.success?
end
# Check that the certificate is trusted in keychain
trusted_certs = begin
tmpfile = Tempfile.new
valid_certs.select do |cert|
tmpfile.rewind
tmpfile.write cert
tmpfile.truncate cert.size
tmpfile.flush
IO.popen("/usr/bin/security verify-cert -l -L -R offline -c #{tmpfile.path} &>/dev/null")
$CHILD_STATUS.success?
end
ensure
tmpfile&.close!
end
# LibreSSL install a default pem - We prefer to use macOS for consistency.
rm_f %W[#{etc}/libressl/cert.pem #{etc}/libressl/cert.pem.default]
(etc/"libressl/cert.pem").atomic_write(trusted_certs.join("\n") << "\n")
end
end
def caveats
<<~EOS
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
#{etc}/libressl/certs
and run
#{opt_bin}/openssl certhash #{etc}/libressl/certs
EOS
end
test do
# Make sure the necessary .cnf file exists, otherwise LibreSSL gets moody.
assert_predicate HOMEBREW_PREFIX/"etc/libressl/openssl.cnf", :exist?,
"LibreSSL requires the .cnf file for some functionality"
# Check LibreSSL itself functions as expected.
(testpath/"testfile.txt").write("This is a test file")
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
open("checksum.txt") do |f|
checksum = f.read(100).split("=").last.strip
assert_equal checksum, expected_checksum
end
end
end
Reference in New Issue View Git Blame Copy Permalink