Fixing Homebrew SSL errors behind Zscaler

Published
September 29, 2024
Tags
homebrew
zscaler
To create a package upgrade PR for Homebrew, I turned on the developer features and ran the command, but it failed with an error.
> brew bump --cask --open-pr <cask>
Fetching source index from https://rubygems.org/
Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html.
Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html.
Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html.
Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see https://railsapps.github.io/openssl-certificate-verify-failed.html.
Error: failed to run `/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.3.0/bin/bundle install`!
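Zscaler is installed in this environment, so outbound requests are intercepted and served with a certificate issued by Zscaler instead of the site's own. Programs that use the system certificate store are unaffected, because the Zscaler certificate was registered there in advance. Programs that use their own separate CA certificate bundle, however, do not have the Zscaler certificate, so they fail with an SSL error.
Homebrew uses portable ruby for its internal logic. So the SSL error goes away once you find the certificate bundle that this ruby uses and add the Zscaler certificate to it.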
/opt/homebrew/Library/Homebrew/vendor/portable-ruby/current/libexec/cert.pem
On an M3 Mac running macOS, the ruby certificate bundle is located at the path above. A simple command appends the certificate to it.
cat ~/ZscalerRootCA.pem >> /opt/homebrew/Library/Homebrew/vendor/portable-ruby/current/libexec/cert.pem
Running the earlier PR creation command again now works as expected.
> brew bump --cask --open-pr <cask>
Fetching gem metadata from https://rubygems.org/.......
Fetching sorbet-runtime 0.5.11589
Fetching sorbet-static 0.5.11589 (universal-darwin)
Installing sorbet-runtime 0.5.11589
Installing sorbet-static 0.5.11589 (universal-darwin)
Fetching sorbet 0.5.11589
Installing sorbet 0.5.11589
Fetching sorbet-static-and-runtime 0.5.11589
Installing sorbet-static-and-runtime 0.5.11589
Bundle complete! 39 Gemfile dependencies, 75 gems now installed.
Bundled gems are installed into `../../../Homebrew/vendor/bundle`
...
Unfortunately, this has to be repeated every time the ruby version is updated.
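Since the append has to be redone after each portable ruby update, here is the same step as a re-runnable script that first checks whether the certificate is already in the bundle. This is an added example, not part of the original post; the script name `ensure-zscaler-ca.sh`, the `--apply` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: idempotent form of the `cat ... >> cert.pem` step.
# Default paths are the ones used on this page; both can be overridden.
CA_FILE="${CA_FILE:-$HOME/ZscalerRootCA.pem}"
BUNDLE="${BUNDLE:-/opt/homebrew/Library/Homebrew/vendor/portable-ruby/current/libexec/cert.pem}"

# Print the first PEM certificate in file $1 as one whitespace-free string,
# so the comparison ignores line wrapping and CRLF differences.
pem_flat() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{
        p
        /-----END CERTIFICATE-----/q
    }' "$1" | tr -d ' \t\r\n'
}

# 0 = CA in $1 is already in bundle $2, 1 = missing, 2 = $1 holds no PEM cert.
bundle_has_ca() {
    ca=$(pem_flat "$1")
    [ -n "$ca" ] || return 2
    case "$(tr -d ' \t\r\n' < "$2")" in
        *"$ca"*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Append the CA only when it is missing, keeping a copy of the original bundle.
ensure_ca() {
    if [ ! -r "$1" ] || [ ! -w "$2" ]; then
        echo "cannot read $1 or write $2" >&2
        return 3
    fi
    rc=0
    bundle_has_ca "$1" "$2" || rc=$?
    case $rc in
        0) echo "already present in $2"; return 0 ;;
        2) echo "no PEM certificate found in $1" >&2; return 2 ;;
    esac
    cp -p "$2" "$2.orig" || return 3
    # The leading newline protects a bundle whose last line is unterminated.
    { printf '\n'; cat "$1"; } >> "$2"
    echo "appended $1 to $2"
}

# Run only when asked to, e.g. `sh ensure-zscaler-ca.sh --apply` after a brew update.
if [ "${1:-}" = "--apply" ]; then
    ensure_ca "$CA_FILE" "$BUNDLE"
fi
```

Anything signed by a CA in this bundle is trusted by Homebrew's ruby, so compare the output of `openssl x509 -noout -fingerprint -sha256 -in ~/ZscalerRootCA.pem` with the fingerprint your IT team publishes before applying.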