homebrew-core/Formula/libressl.rb

127 lines
4.1 KiB
Ruby

class Libressl < Formula
desc "Version of the SSL/TLS protocol forked from OpenSSL"
homepage "https://www.libressl.org/"
# Please ensure when updating version the release is from stable branch.
url "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3.tar.gz"
mirror "https://mirrorservice.org/pub/OpenBSD/LibreSSL/libressl-3.5.3.tar.gz"
sha256 "3ab5e5eaef69ce20c6b170ee64d785b42235f48f2e62b095fca5d7b6672b8b28"
license "OpenSSL"
livecheck do
url :homepage
regex(/latest stable release is (\d+(?:\.\d+)+)/i)
end
bottle do
sha256 arm64_monterey: "69c8b3bd77a93b7d66c10547d7513989422d59eff4f51d52b5bc4df5be7c6527"
sha256 arm64_big_sur: "a7e45093051a0a7961d88caa88002864eac2d00b1eca53cc75cf35c471d46680"
sha256 monterey: "183d6b2c20714d89aea7522bdf0cdedab4490a11f8f56671f155362f3231d98b"
sha256 big_sur: "9afd1be45a3f183c8b2ac2fe5ed5c8defc3fd9a5ef8b4e2db9ab2d7122f29692"
sha256 catalina: "ed9f90222d3d7ea6382bedc140bcaee1242080afcff3a7bf38b17083c929dd0e"
sha256 x86_64_linux: "187419900c62a0673ef001737a8ccd8b3a336077faa093593e2d305cfb141148"
end
head do
url "https://github.com/libressl-portable/portable.git"
depends_on "autoconf" => :build
depends_on "automake" => :build
depends_on "libtool" => :build
end
keg_only :provided_by_macos
on_linux do
keg_only "it conflicts with OpenSSL formula"
end
def install
args = %W[
--disable-dependency-tracking
--disable-silent-rules
--prefix=#{prefix}
--with-openssldir=#{etc}/libressl
--sysconfdir=#{etc}/libressl
]
system "./autogen.sh" if build.head?
system "./configure", *args
system "make"
system "make", "install"
end
def post_install
if OS.mac?
ohai "Regenerating CA certificate bundle from keychain, this may take a while..."
keychains = %w[
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
]
certs_list = `security find-certificate -a -p #{keychains.join(" ")}`
certs = certs_list.scan(
/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m,
)
# Check that the certificate has not expired
valid_certs = certs.select do |cert|
IO.popen("#{bin}/openssl x509 -inform pem -checkend 0 -noout &>/dev/null", "w") do |openssl_io|
openssl_io.write(cert)
openssl_io.close_write
end
$CHILD_STATUS.success?
end
# Check that the certificate is trusted in keychain
trusted_certs = begin
tmpfile = Tempfile.new
valid_certs.select do |cert|
tmpfile.rewind
tmpfile.write cert
tmpfile.truncate cert.size
tmpfile.flush
IO.popen("/usr/bin/security verify-cert -l -L -R offline -c #{tmpfile.path} &>/dev/null")
$CHILD_STATUS.success?
end
ensure
tmpfile&.close!
end
# LibreSSL install a default pem - We prefer to use macOS for consistency.
rm_f %W[#{etc}/libressl/cert.pem #{etc}/libressl/cert.pem.default]
(etc/"libressl/cert.pem").atomic_write(trusted_certs.join("\n") << "\n")
end
end
def caveats
<<~EOS
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
#{etc}/libressl/certs
and run
#{opt_bin}/openssl certhash #{etc}/libressl/certs
EOS
end
test do
# Make sure the necessary .cnf file exists, otherwise LibreSSL gets moody.
assert_predicate HOMEBREW_PREFIX/"etc/libressl/openssl.cnf", :exist?,
"LibreSSL requires the .cnf file for some functionality"
# Check LibreSSL itself functions as expected.
(testpath/"testfile.txt").write("This is a test file")
expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249"
system "#{bin}/openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt"
open("checksum.txt") do |f|
checksum = f.read(100).split("=").last.strip
assert_equal checksum, expected_checksum
end
end
end