Get rid of Heartbleed in Mavericks for Ruby development
For the past three weeks I was AFK so I got the news about the heartbleed bug but didn’t get to do anything about it. Today I finally got back and decided to start by fixing it on my development machine. Here are the steps I followed in case you want to do the same.
First you need to make sure you are using versions 1.0.1 through 1.0.1f from openssl toolkit. You can check the version by running.
In my case I got a 0.9x version that comes by default with Mavericks so I wasn’t affected but hey why not update to the latest version? The easy way to do this is through homebrew
brew update brew upgrade brew install openssl
After installed double check you have the latest version (OpenSSL 1.0.1g at the time of writing the post). Because I had the Apple version I need to force the link for it to work. What this is going to do is just point to the openssl version installed in the
/usr/local/bin path that brew uses.
brew link --force openssl
Now you should get the right version but we better make sure our Ruby installations are using it. If you are using rbenv like me you can iterate through the different ruby versions by running
rbenv shell x.x.x (where x.x.x is the name of the version). Then you run the following command
ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION"
Again in my case they had all been compiled using the 0.9x version of openssl so I just re installed all of them but the system one (which I don’t really use). This can be accomplished quite easily if you have rbenv and ruby-build installed. All you need to do is run the following commands for each version you want to recompile.
rbenv uninstall x.x.x rbenv install x.x.x
Installing version 2.2.0-dev was no problem but for some reason version 2.1.1 was giving me a make error and the only way I got it to work was to add the –with-readline-dir option pointing to the libreadline.so
RUBY_CONFIGURE_OPTS=--with-readline-dir="/usr/lib/libreadline.so" rbenv install 2.1.1