joefiorini / vruby

38 stars 0 forks source link

Update to latest rubygems after installing Ruby #11

Closed joefiorini closed 7 years ago

joefiorini commented 9 years ago

There was an issue with prior Ruby versions having incorrect SSL certs for rubygems.org. See #9 for details on the problem.

To reproduce:

  1. Go into the example directory
  2. Make sure you clear out any previous vruby instances rm -rf vruby
  3. Run ../bin/vruby install --version 2.1.5
  4. Embed with ../bin/vruby vruby --version 2.1.5

You will likely see the following error:

ERROR: Could not find a valid gem 'bundler' (>= 0), here is why: Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

I'm guessing RVM does something here to download certs and install them. We should look into that and do the same.

joefiorini commented 9 years ago

If anyone runs into this error, you can fix it by following the instructions under "For non-RVM Users" on this SO post:

http://stackoverflow.com/a/19151697

Before running the ruby command given there, make sure you source vruby/bin/activate so you get the correct SSL directory for your installed Ruby version.

joefiorini commented 9 years ago

So that fixed the problem for me with installing gems, but I still had an issue running Rails. Fixed that by combining some steps from http://railsapps.github.io/openssl-certificate-verify-failed.html like so:

  1. Install openssl with brew install openssl and brew link --force openssl
  2. Download the latest certs into the new openssl installation:
cd /usr/local/etc/openssl/certs
sudo curl -O http://curl.haxx.se/ca/cacert.pem
sudo mv cacert.pem cert.pem

The only caveat here is that I need to set the SSL_CERT_FILE environment variable before running rails to:

export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cert.pem

Anyone know of a way around this without having to export an environment variable?

joefiorini commented 8 years ago

Just ran into this issue again with the new certificate on https://rails-assets.org (see rails-assets/rails-assets#306). I solved it by using https://github.com/raggi/openssl-osx-ca to sync the certs installed in my keychain with the ones in openssl. Note: in my attempts to fix this issue, I had manually installed the rails-assets intermediate cert which may/may not have been necessary. Try without doing this, but if it fails go to https://letsencrypt.org/certificates/ and download the Let’s Encrypt Authority X1 cert in pem format then open it to install in your keychain. Depending on the status of raggi/openssl-osx-ca#12, you may need to download the script from there and run that instead of official one.

Once the certs are synced, you should be good to go. However, using code from SO post linked above I noticed that my Ruby installation was expecting to find certs in /etc/openssl, but running openssl version -d showed that they are installed in /usr/local/etc/openssl. I went ahead and symlinked this (ln -s /usr/local/etc/openssl /etc/openssl) and the error about rails-assets certificate went away.

raggi commented 8 years ago

You shouldn't have to download the lets encrypt intermediate. The intermediate is signed by the DST X3 cert, which has been valid since 2000, and should be in your system certificate chain.

I suspect you had some other issue that you probably want to track down.

joefiorini commented 7 years ago

Closing this as I haven't had the issue with the past few Ruby versions I've installed.