|
| 1 | +class SqlbOpensslAT3 < Formula |
| 2 | + desc "Cryptography and SSL/TLS Toolkit" |
| 3 | + homepage "https://openssl.org/" |
| 4 | + url "https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz" |
| 5 | + # version "3.4.1" |
| 6 | + sha256 "002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3" |
| 7 | + license "Apache-2.0" |
| 8 | + |
| 9 | + livecheck do |
| 10 | + url "https://www.openssl.org/source/" |
| 11 | + regex(/href=.*?openssl[._-]v?(\d+(?:\.\d+)+)\.t/i) |
| 12 | + end |
| 13 | + |
| 14 | + bottle do |
| 15 | + root_url "https://github.com/lucydodo/homebrew-tap/releases/download/[email protected]" |
| 16 | + sha256 arm64_sonoma: "6da840dda45af0f56f1f2de196ac34617cb16df15b1db2dedaf8661efac52820" |
| 17 | + end |
| 18 | + |
| 19 | + keg_only :shadowed_by_macos, "macOS provides LibreSSL" |
| 20 | + |
| 21 | + depends_on arch: :arm64 |
| 22 | + depends_on "ca-certificates" |
| 23 | + |
| 24 | + # SSLv2 died with 1.1.0, so no-ssl2 no longer required. |
| 25 | + # SSLv3 & zlib are off by default with 1.1.0 but this may not |
| 26 | + # be obvious to everyone, so explicitly state it for now to |
| 27 | + # help debug inevitable breakage. |
| 28 | + def configure_args |
| 29 | + %w[ |
| 30 | + enable-ec_nistp_64_gcc_128 |
| 31 | + no-asm |
| 32 | + no-ssl3 |
| 33 | + no-ssl3-method |
| 34 | + no-zlib |
| 35 | + ] |
| 36 | + end |
| 37 | + |
| 38 | + def install |
| 39 | + # Determine the minimum macOS version. |
| 40 | + # Match the required version of the DB Browser for SQLite app. |
| 41 | + ENV["MACOSX_DEPLOYMENT_TARGET"] = "10.13" |
| 42 | + ENV.append "CPPFLAGS", "-mmacosx-version-min=10.13" |
| 43 | + ENV.append "LDFLAGS", "-mmacosx-version-min=10.13" |
| 44 | + |
| 45 | + # This could interfere with how we expect OpenSSL to build. |
| 46 | + ENV.delete("OPENSSL_LOCAL_CONFIG_DIR") |
| 47 | + |
| 48 | + # This ensures where Homebrew's Perl is needed the Cellar path isn't |
| 49 | + # hardcoded into OpenSSL's scripts, causing them to break every Perl update. |
| 50 | + # Whilst our env points to opt_bin, by default OpenSSL resolves the symlink. |
| 51 | + ENV["PERL"] = Formula["perl"].opt_bin/"perl" if which("perl") == Formula["perl"].opt_bin/"perl" |
| 52 | + |
| 53 | + arch_args = [] |
| 54 | + arch_args << "darwin64-x86_64-cc" |
| 55 | + arch_args += %W[--prefix=#{prefix}/darwin64-x86_64-cc] |
| 56 | + arch_args += %W[--openssldir=#{openssldir}/darwin64-x86_64-cc] |
| 57 | + arch_args << "--libdir=#{prefix}/darwin64-x86_64-cc/lib" |
| 58 | + ENV.append "CFLAGS", "-arch x86_64" |
| 59 | + |
| 60 | + system "perl", "./Configure", *(configure_args + arch_args) |
| 61 | + system "arch", "-x86_64", "make" |
| 62 | + system "make", "install", "MANDIR=#{prefix}/darwin64-x86_64-cc/share/man", "MANSUFFIX=ssl" |
| 63 | + # AF_ALG support isn't always enabled (e.g. some containers), which breaks the tests. |
| 64 | + # AF_ALG is a kernel feature and failures are unlikely to be issues with the formula. |
| 65 | + # system "CFLAGS=\"-arch x86_64\" arch -x86_64 make test TESTS=-test_afalg" |
| 66 | + |
| 67 | + arch_args = [] |
| 68 | + arch_args << "darwin64-arm64-cc" |
| 69 | + arch_args += %W[--prefix=#{prefix} --openssldir=#{openssldir} --libdir=lib] |
| 70 | + |
| 71 | + openssldir.mkpath |
| 72 | + system "make", "clean" |
| 73 | + system "perl", "./Configure", *(configure_args + arch_args) |
| 74 | + system "make" |
| 75 | + system "make", "install", "MANDIR=#{man}", "MANSUFFIX=ssl" |
| 76 | + # # AF_ALG support isn't always enabled (e.g. some containers), which breaks the tests. |
| 77 | + # # AF_ALG is a kernel feature and failures are unlikely to be issues with the formula. |
| 78 | + # system "make", "test", "TESTS=-test_afalg" |
| 79 | + |
| 80 | + mv "#{lib}/libcrypto.3.dylib", "#{lib}/libcrypto.3-arm64.dylib" |
| 81 | + dylib_arm64 = MachO::MachOFile.new("#{lib}/libcrypto.3-arm64.dylib") |
| 82 | + dylib_x86_64 = MachO::MachOFile.new("#{prefix}/darwin64-x86_64-cc/lib/libcrypto.3.dylib") |
| 83 | + fat = MachO::FatFile.new_from_machos(dylib_arm64, dylib_x86_64) |
| 84 | + fat.write("#{lib}/libcrypto.3.dylib") |
| 85 | + |
| 86 | + rm "#{lib}/libcrypto.dylib" |
| 87 | + rm_r "#{prefix}/darwin64-x86_64-cc/bin" |
| 88 | + rm_r "#{prefix}/darwin64-x86_64-cc/lib" |
| 89 | + ln_s "#{lib}/libcrypto.3.dylib", "#{lib}/libcrypto.dylib" |
| 90 | + end |
| 91 | + |
| 92 | + def openssldir |
| 93 | + etc/"sqlb-openssl@3" |
| 94 | + end |
| 95 | + |
| 96 | + def caveats |
| 97 | + <<~EOS |
| 98 | + A CA file has been bootstrapped using certificates from the system |
| 99 | + keychain. To add additional certificates, place .pem files in |
| 100 | + #{openssldir}/certs |
| 101 | +
|
| 102 | + and run |
| 103 | + #{opt_bin}/c_rehash |
| 104 | + EOS |
| 105 | + end |
| 106 | + |
| 107 | + test do |
| 108 | + # Make sure the necessary .cnf file exists, otherwise OpenSSL gets moody. |
| 109 | + assert_path_exists pkgetc/"openssl.cnf", "OpenSSL requires the .cnf file for some functionality" |
| 110 | + |
| 111 | + # Check OpenSSL itself functions as expected. |
| 112 | + (testpath/"testfile.txt").write("This is a test file") |
| 113 | + expected_checksum = "e2d0fe1585a63ec6009c8016ff8dda8b17719a637405a4e23c0ff81339148249" |
| 114 | + system bin/"openssl", "dgst", "-sha256", "-out", "checksum.txt", "testfile.txt" |
| 115 | + open("checksum.txt") do |f| |
| 116 | + checksum = f.read(100).split("=").last.strip |
| 117 | + assert_equal checksum, expected_checksum |
| 118 | + end |
| 119 | + end |
| 120 | +end |
0 commit comments