why does installing ruby 2.1.0 copy to /etc/openssl/cert.perm?

I installed ruby 2.1.0 using rvm.

It asked me to enter my password so it coudl copy a file to /etc/openssl/cert.perm

Is this normal? why?


I’m not sure I would call it normal, but it is possible. RVM now automatically installs/updates any third party software or modules it needs for installation. It is possible it’s updating your version of OpenSSL to a version it requires. If you are installing RVM at a user level and openssl is installed at the root level, it may need your password to update it. Some operating systems may require the password to update a certificate no matter what. I’m doing a fair amount of guessing here, and I don’t know what your environment is, but to be safe, I exit, separately update OpenSSL through whatever mechanism you used to install it, and then install Ruby 2.1.0. If OpenSSL is current, it should need to update anything. If that’s not it, sorry, but I really can’t help without more information.

mike2r you were quite close with the guess, RVM updates this certificates based on a path from a binary ruby, now that path is hard coded within the ruby as it is statically linked to openssl - usually you should not use static linking, but in that case it was the only option to allow providing "universal binaries for OSX that will work no matter what package manager is used on the system, note the problem is on apple site as they do not provide a package manager so users are forced to seek out third party solutions, this causes that you get limited options, you can not assume software will be available in some path, like you could install homebrew to ~/.brew - so anything linked against /opt/… would not work, so even people using the same package manager but in different locations would have to recompile ruby, using statically linked binaries eliminates the need for any local dependencies but caries also some disadvantages like the hard coded path for certificates - or pinned version of libraries that do not get security updates (notice that neither homebrew or macports get setup to provide automated security updates) you should not use this OSX binaries for production use, it is safe to use them in development, if you know you will host the app publicly from your OSX system you should use dynamically linked rubies making sure they are linked to newest versions of security updated software, this means on homebrew you need to update all software and reinstall the ruby in rvm with --disable-bianry flag (this is only needed for publicly hosted webrick using https sites from OSX)