I installed ruby 2.1.0 using rvm.
It asked me to enter my password so it coudl copy a file to
/etc/openssl/cert.perm
Is this normal? why?
thanks!
On Monday, June 23, 2014 11:38:09 AM UTC-4, Gitted wrote:
I installed ruby 2.1.0 using rvm.
It asked me to enter my password so it coudl copy a file to
/etc/openssl/cert.permIs this normal? why?
thanks!
I’m not sure I would call it normal, but it is possible. RVM now
automatically installs/updates any third party software or modules it
needs
for installation. It is possible it’s updating your version of OpenSSL
to a
version it requires. If you are installing RVM at a user level and
openssl
is installed at the root level, it may need your password to update it.
Some operating systems may require the password to update a certificate
no
matter what. I’m doing a fair amount of guessing here, and I don’t know
what your environment is, but to be safe, I exit, separately update
OpenSSL
through whatever mechanism you used to install it, and then install Ruby
2.1.0. If OpenSSL is current, it should need to update anything. If
that’s not it, sorry, but I really can’t help without more information.
mike2r you were quite close with the guess, RVM updates this
certificates
based on a path from a binary ruby, now that path is hard coded within
the
ruby as it is statically linked to openssl - usually you should not use
static linking, but in that case it was the only option to allow
providing
"universal binaries for OSX that will work no matter what package
manager
is used on the system, note the problem is on apple site as they do not
provide a package manager so users are forced to seek out third party
solutions, this causes that you get limited options, you can not assume
software will be available in some path, like you could install homebrew
to
~/.brew - so anything linked against /opt/… would not work, so even
people
using the same package manager but in different locations would have to
recompile ruby, using statically linked binaries eliminates the need for
any local dependencies but caries also some disadvantages like the hard
coded path for certificates - or pinned version of libraries that do not
get security updates (notice that neither homebrew or macports get setup
to
provide automated security updates) you should not use this OSX binaries
for production use, it is safe to use them in development, if you know
you
will host the app publicly from your OSX system you should use
dynamically
linked rubies making sure they are linked to newest versions of security
updated software, this means on homebrew you need to update all software
and reinstall the ruby in rvm with --disable-bianry flag (this is only
needed for publicly hosted webrick using https sites from OSX)