I have the following check in Serverspec tests:
openssl_latest_version = 'OpenSSL 1.0.2h 3 May 2016'
describe command('openssl version') do
its(:stdout) { should match openssl_latest_version }
end
Is there a way to automatically fetch the string that the latest officially released OpenSSL returns on executing openssl version? I.e. automatically set openssl_latest_version based for example on some curl call.
My intention is that the test should fail if installed version is later than the one currently published by OpenSSL as latest at the moment of running the test, but without human updating the parameters.
I do not want to check it against a version available in package manager for any specific OS version, I do not want to install latest version, I simply want the test to fail when the running version is different than the one announced as recent.
Here's a terrible little shell script that can do that:
And the output, as of just now, is:
You're jumping a few links in the chain. You need to check the latest version available in your package manager depending on the OS you're running. If you manage your own packages (For example SpaceWalk for RedHat derivatives), then that adds a few links to your chain because you'll also be managing the packages that are available upstream, so you could look to that as the source of truth.
If you're jumping completely outside of supported versions of openssl for your distro and going straight to the openssl project's latest and greatest, WELL OKAY THEN PARTNER, LET'S WRECK THIS PLACE LIKE IT AIN'T NO THANG! ᕕ( ᐛ )ᕗ
You'll want to use openssl's github repo, clone and check the version, then compile and install. Snarling up dependencies has never been so easy or secure!