After updating to macOS Mojave, SSL/TLS(?): unable to install gems from 'https://rubygems.org/'.

Time: 2018-09-26 08:07:03

Tags: ssl openssl homebrew rvm macos-mojave

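I am currently unable to install gems from "https://rubygems.org/". I recently updated to Mojave and updated and upgraded brew to get mysql running again. Now I find that I cannot install gems from rubygems.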

When trying to install a gem:

[REPRO]$ gem install rdoc-data -v 3.12
ERROR:  Could not find a valid gem 'rdoc-data' (= 3.12), here is why:
      Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert protocol version (https://api.rubygems.org/specs.4.8.gz)

I have already tried this, but it did not work.

Tried updating RVM:

[REPRO]$ rvm get stable
Downloading https://get.rvm.io
Downloading https://raw.githubusercontent.com/rvm/rvm/master/binscripts/rvm-installer.asc
Verifying /Users/MYACCOUNT/.rvm/archives/rvm-installer.asc
gpg: Signatur vom Sat Mar 31 23:47:44 2018 CEST
...
GPG verified '/Users/MYACCOUNT/.rvm/archives/rvm-1.29.4.tgz'
Upgrading the RVM installation in /Users/MYACCOUNT/.rvm/
RVM PATH line found in /Users/MYACCOUNT/.mkshrc /Users/MYACCOUNT/.profile /Users/MYACCOUNT/.zshrc.
RVM PATH line not found for Bash, rerun this command with '--auto-dotfiles' flag to fix it.
RVM sourcing line found in /Users/MYACCOUNT/.profile /Users/MYACCOUNT/.bash_profile /Users/MYACCOUNT/.zlogin.
Upgrade of RVM in /Users/MYACCOUNT/.rvm/ is complete.
  * RVM 1.30 simplifies behavior of 'rvm wrapper' subcommand


RVM reloaded!

Tried updating the certs:

[REPRO]$ rvm osx-ssl-certs update all
Selected SSL certs for: ruby-2.3.4
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Updating certificates bundle /usr/local/etc/openssl/cert.pem: Already up to date.
Updating certificates bundle /etc/openssl/cert.pem: Updating certificates bundle '/etc/openssl/cert.pem'
MYACCOUNT password required for 'command tee /etc/openssl/cert.pem': 
Updated.
Updating certificates bundle /System/Library/OpenSSL/cert.pem: Updating certificates bundle '/System/Library/OpenSSL/cert.pem'
tee: /System/Library/OpenSSL/cert.pem: Operation not permitted
Failed.
Updating certificates bundle /System/Library/OpenSSL/cert.pem: Updating certificates bundle '/System/Library/OpenSSL/cert.pem'
tee: /System/Library/OpenSSL/cert.pem: Operation not permitted
Failed.
Updating certificates bundle /usr/local/etc/openssl@1.1/cert.pem: Already up to date.

Tried updating RVM:

[REPRO]$ rvm rubygems latest
Installed rubygems 2.6.8 is newer than 2.0.17 provided with installed ruby, skipping installation, use --force to force installation.

Tried installing the gem:

[REPRO]$ gem install rdoc-data -v 3.12
ERROR:  Could not find a valid gem 'rdoc-data' (= 3.12), here is why:
      Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert protocol version (https://api.rubygems.org/specs.4.8.gz)

I have two openssl versions installed via brew:

[REPRO]$ brew info openssl
openssl: stable 1.0.2p (bottled) [keg-only]
SSL/TLS cryptography library
https://openssl.org/
/usr/local/Cellar/openssl/1.0.2o_1 (1,791 files, 12.3MB)
  Poured from bottle on 2018-04-17 at 00:25:36
/usr/local/Cellar/openssl/1.0.2o_2 (1,792 files, 12.3MB)
  Poured from bottle on 2018-06-22 at 06:37:09
/usr/local/Cellar/openssl/1.0.2p (1,793 files, 12MB)
  Poured from bottle on 2018-09-25 at 07:30:55
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/openssl.rb
==> Dependencies
Build: makedepend ✘
==> Options
--without-test
    Skip build-time tests (not recommended)
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have openssl first in your PATH run:
  echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

For compilers to find openssl you may need to set:
  export LDFLAGS="-L/usr/local/opt/openssl/lib"
  export CPPFLAGS="-I/usr/local/opt/openssl/include"

For pkg-config to find openssl you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"

==> Analytics
install: 556,733 (30d), 1,491,119 (90d), 4,803,757 (365d)
install_on_request: 75,928 (30d), 212,774 (90d), 546,010 (365d)
build_error: 14,735 (30d)

[REPRO]$ brew info openssl@1.1
openssl@1.1: stable 1.1.1 (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
https://openssl.org/
/usr/local/Cellar/openssl@1.1/1.1.0h (6,587 files, 15.6MB)
  Poured from bottle on 2018-04-17 at 00:24:57
/usr/local/Cellar/openssl@1.1/1.1.1 (7,821 files, 17.9MB)
  Poured from bottle on 2018-09-25 at 07:31:15
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/openssl@1.1.rb
==> Options
--without-test
Skip build-time tests (not recommended)
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl@1.1/certs

and run
  /usr/local/opt/openssl@1.1/bin/c_rehash

openssl@1.1 is keg-only, which means it was not symlinked into /usr/local,
because this is an alternate version of another formula.

If you need to have openssl@1.1 first in your PATH run:
  echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.bash_profile

For compilers to find openssl@1.1 you may need to set:
  export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib"
  export CPPFLAGS="-I/usr/local/opt/openssl@1.1/include"

For pkg-config to find openssl@1.1 you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"

==> Analytics
install: 0 (30d), 0 (90d), 0 (365d)
install_on_request: 0 (30d), 0 (90d), 0 (365d)
build_error: 13 (30d)

I have 'PATH="/usr/local/opt/openssl/bin:$PATH"' in my ~/.bash_profile.

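Before the system update everything worked, but now my development system is broken. Can anyone help? I can set http://rubygems.org in the Gemfile so that gems can be installed via bundle install, but that is not a solution.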

Update:

I found some more details: on a second machine everything works as expected. On both systems RVM depends on openssl, in both cases brew/openssl or brew/openssl@1.1. On the first machine I get:

$ rvm osx-ssl-certs status all
Selected SSL certs for: ruby-2.3.4
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Certificates bundle /usr/local/etc/openssl/cert.pem is up to date.
Certificates bundle /etc/openssl/cert.pem is up to date.
Certificates bundle /System/Library/OpenSSL/cert.pem is old.
Certificates bundle /usr/local/etc/openssl@1.1/cert.pem is up to date.

On the second I get:

$ rvm osx-ssl-certs status all
Selected SSL certs for: ruby-1.8.7-head
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Certificates bundle /usr/local/etc/openssl/cert.pem is up to date.

Why does the first machine also check in /System/Library/? How can I configure it not to do that?

1 answer:

Answer 0: (score: 1)

I was able to install gems. I had to recompile all rubies:

$ rvm uninstall ruby-1.8.7-p374
$ rvm install ruby-1.8.7-p374 --with-gcc=clang
$ rvm use ruby-1.8.7-p374@openssl-test01 --create
$ gem install rdoc-data -v 3.12

After that, although rvm osx-ssl-certs status all still shows the link to /System/openssl, I was still able to install.
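
An added diagnostic, not part of the original question or answer: `tlsv1 alert protocol version` is the server rejecting the protocol version the client offered, which depends on the OpenSSL library the Ruby binary was compiled against rather than on any CA bundle. The Ruby script below reports what the running Ruby is linked against and classifies the error text from the question; the function names are hypothetical and the 0.9.8 banner is a constructed sample.

```ruby
require 'openssl'

# Split a version banner such as "OpenSSL 1.0.2p" or "LibreSSL 2.2.7"
# into [flavour, [major, minor, patch]]; nil if it is not recognised.
def parse_openssl_banner(banner)
  m = banner.match(/\A(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)/)
  m && [m[1], m[2..4].map(&:to_i)]
end

# TLS 1.2 arrived in OpenSSL 1.0.1; LibreSSL forked after that point.
def banner_supports_tls12?(banner)
  flavour, version = parse_openssl_banner(banner)
  return false if flavour.nil?
  flavour == 'LibreSSL' || (version <=> [1, 0, 1]) >= 0
end

# Map the text of a gem/OpenSSL failure to the layer that has to be fixed.
def classify_ssl_error(message)
  case message
  when /alert protocol version/    then :protocol_version # library too old
  when /certificate verify failed/ then :certificate      # CA bundle problem
  else :other
  end
end

# What the Ruby running this script was compiled against.
def linked_openssl_report
  banner = OpenSSL::OPENSSL_VERSION
  { ruby: RUBY_VERSION, banner: banner, tls12: banner_supports_tls12?(banner) }
end

# Error line quoted in the question above.
PAGE_ERROR = 'SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: ' \
             'tlsv1 alert protocol version'

if __FILE__ == $PROGRAM_NAME
  puts linked_openssl_report
  puts "error class: #{classify_ssl_error(PAGE_ERROR)}"
  # Banners: 1.0.2p and 1.1.1 are the brew versions shown on the page,
  # 0.9.8zh is a constructed example of a pre-1.0.1 library.
  ['OpenSSL 0.9.8zh', 'OpenSSL 1.0.2p', 'OpenSSL 1.1.1'].each do |b|
    puts format('%-16s TLS 1.2: %s', b, banner_supports_tls12?(b))
  end
end
```

Run it under each installed Ruby in turn to see which builds still report a library without TLS 1.2.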