Licensing and Distributing a Paid Ruby CLI on macOS

Transcript

1. Moncef Belyamani / rubyonmac.dev / @monfresh Licensing and Distributing a

   Paid Ruby CLI on macOS Rocky Mountain Ruby / October 6, 2023

2. Moncef Belyamani @monfresh monfresh.com rubyonmac.dev

3. None
4. None
5. None

6. I spent hours trying to get Jekyll to work on

   my new M2 Mac. Every time I thought I had it something else would break. Scott Lewis

7. If only I could get those 10 hours back from

   the last few days spent trying to get 2.6.10 installed on this MacBook Air M1. Dan Weaver

8. I spent around 3 days trying to solve issues on

   a Rails app. I looked and tried and retried so many possible solutions from so many sources on the web... but nothing was working. Monica Randriamialy

9. I spent probably 4 hours trying to do exactly same

   setup as before and it never worked. Anton Podviaznikov
10. None

11. • Xcode/Command Line Tools version • macOS version • Intel

    vs Apple Silicon • Installing things with and without Rosetta at the same time • The desired Ruby version • The current active Ruby version • The version manager used • Which OpenSSL versions are installed and which one you're trying to compile with • Missing, miscon fi gured, and outdated dev tools • PATH issues • Setting ENV vars and other compilation settings globally in shell startup fi le What can affect Ruby installation?

12. LDFLAGS CPPFLAGS RUBY_CFLAGS PKG_CONFIG_PATH --with-openssl-dir -Wno-error=implicit-function-declaration

13. None

14. The script was such a life saver. Finally got my

    Flutter project working on my laptop after literally one year! Nicole Manson

15. This script is truly a lifesaver! I couldn't get any

    version managers to work properly. Gelo Rosel

16. You are a lifesaver, I was struggling with installing rails

    on my m1 MBP and your script saved all the hassle. Abdullah Ashraf

17. Your script was a lifesaver, thank you so much, I

    am incredibly grateful for your work. Justin Festa

18. • Painless Ruby dev setup in 15 minutes or less

    • Works with all version managers • Installs Ruby faster than any other version manager (2x as fast as rbenv/asdf) • Easily install Ruby versions as old as 2.1 • Set up a new Mac in minutes with all your dev tools, Mac apps, fonts, Git preferences, macOS preferences, and GitHub repos. • Reset mode backs up and cleans up your dev setup in 1 minute rubyonmac.dev Ruby on Mac

19. • Prime customers: 1 year of updates, 1 Mac at

    a time Gotta Have Limits
20. None

21. • Prime customers: 1 year of updates, 1 Mac at

    a time • Use Ruby for license veri fi cation code • License-related code can't be easily bypassed by customer • Scripts need to be able to run on a brand new Mac with no dev tools • Customer can reliably activate and deactivate Macs Gotta Have Limits

22. 💰 👤

23. None

24. github.com/neurobin/shc

25. test.sh shc test.sh.x.c ./test

26. None
27. None
28. None
29. None
30. None
31. None

32. github.com/jruby/warbler

33. github.com/phusion/ traveling-ruby

34. github.com/pmq20/ruby-packer

35. • Supplies a patched Ruby • Compiles that Ruby locally

    (with native extensions) • Packs it into a squashfs archive • Ruby is patched to look inside the squashfs and the real fi lesystem How ruby-packer works

36. 👍 single file, works with all native extensions

37. 👎 no cross-packaging support

38. None

39. github.com/ericbeland/ ruby-packer

40. github.com/motor-admin/ ruby-packer

41. None
42. None
43. None
44. None

45. unable to find ecdh parameters

46. None
47. None
48. None
49. None

50. HOLD UP

51. WAIT A MINUTE

52. rubyc --openssl-dir=/opt/homebrew/etc/[email protected]

53. rom script -m reset

54. certificate verify failed (OpenSSL::SSL::SSLError)

55. ➜ ls -la /opt/homebrew/etc/[email protected] total 0 drwxr-xr-x@ 3 moncef admin

    96B Sep 12 10:59 ./ drwxrwxr-x@ 16 moncef admin 512B Sep 12 10:59 ../ lrwxr-xr-x@ 1 moncef admin 42B Sep 12 10:59 cert.pem@ -> /opt/homebrew/etc/ca-certificates/cert.pem

56. ➜ openssl version -a LibreSSL 3.3.6 built on: date not

    available platform: information not available options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) compiler: information not available OPENSSLDIR: "/private/etc/ssl"

57. rubyc --openssl-dir=/private/etc/ssl test.rb -o test

58. 🎉

59. bundle exec rake rubyc

60. rubyc --openssl-dir=/private/etc/ssl test.rb -o test

61. None
62. None

63. • Sign up for Apple Developer Program ($99/year) Gotta Be

    Legit
64. None

65. • https://developer.apple.com/documentation/devicecheck One, Two, One, Two DeviceCheck

66. None
67. None
68. None

69. import DeviceCheck public func getDeviceToken(completion: @escaping (String?) -> ()) {

    let currentDevice = DCDevice.current if currentDevice.isSupported { currentDevice.generateToken(completionHandler: { (data, error) in if let tokenData = data { let tokenString = tokenData.base64EncodedString() print("Device token generated 🎉") completion(tokenString) } else { print("Error generating token: \(error!.localizedDescription)") } }) } else { print("Device is not supported") // Simulators or etc. } }

70. getDeviceToken { deviceToken in var request = URLRequest(url: "http://localhost:3000/test") request.httpMethod

    = "POST" // Header request.setValue(deviceToken, forHTTPHeaderField: "Device-Token") // Body request.setValue("application/json; charset=utf-8", forHTTPHeaderField: "Content-Type") let json = ["device_token": deviceToken] as [String : Any] let jsonData = try! JSONSerialization.data(withJSONObject: json) request.httpBody = jsonData as Data // Send it to server let downloadTask = URLSession.shared.dataTask(with: request, completionHandler: { data, response, error in ... }) }

71. HOLD UP

72. WAIT A MINUTE

73. ??

74. None
75. None
76. None
77. None

78. let homeDirectory = NSHomeDirectory() let fileURL = URL(fileURLWithPath: "\(homeDirectory)/token.txt" if

    let data = token.data(using: .utf8) { do { try data.write(to: fileURL) } catch { print("Error writing token to the file: \(error)") } }

79. DeviceCheck Token ✅

80. Ruby script binary ✅

81. Bash script binary ✅

82. if ! ./verify_license; then exit fi

83. codesign --timestamp \ --options=runtime \ -s "5NB2AVZQPV" \ -v verify_license

84. codesign --display --verbose=1 verify_license

85. Executable=/Users/moncef/projects/rubyonmac-prime/verify_license Identifier=verify_license Format=Mach-O thin (arm64) Signature size=8981 Timestamp=Sep 9, 2023

    at 16:52:16 Info.plist=not bound TeamIdentifier=5NB2AVZQPV Runtime Version=13.3.0 Sealed Resources=none

86. require 'json' result = `git for-each-ref --sort=-creatordate --format='% (creatordate:short) |

    %(contents)' refs/tags` tags = result.split("\n\n") versions = tags.each_with_object([]) do |tag, array| date = tag.split(" | ").first version = tag.split("Release ")[1] array.push({date:, version:}) end File.write("prime-versions.json", JSON.generate(versions))
87. None

88. codesign \ --timestamp \ --options=runtime \ -s "5NB2AVZQPV" \ --prefix="com.rubyonmac.2.0.22."

    \ -v verify_license

89. Executable=/Users/moncef/projects/rubyonmac-prime/verify_license Identifier=com.rubyonmac.2.0.22.verify_license Format=Mach-O thin (arm64) Signature size=8981 Timestamp=Sep 9, 2023

    at 16:52:16 Info.plist=not bound TeamIdentifier=5NB2AVZQPV Runtime Version=13.3.0 Sealed Resources=none
90. None
91. None
92. None
93. None
94. None
95. None
96. None
97. None
98. None
99. None
100. None
101. None
102. None
103. None

104. 💰 👤

105. None

106. Customer.exists?(email:) ❌

107. Customer.find_by(email:).present? ❌

108. Customer.where(email:).reload.present? ❌

109. Customer.uncached { Customer.where(email:).to_a.present? } ✅

110. • Generate the license • Store it in S3 with

     ActiveStorage • Respond to Paddle with plain text containing link to the license • Paddle emails customer Go With the Flow

111. • Customer downloads license and latest Ruby on Mac release

     • Customer runs .pkg installer • Installer puts ROM Token Generator macOS app in /Applications • Installer unzips rubyonmac folder Go With the Flow

112. • Customer runs Bash script • Bash script checks that

     license veri fi cation binary exists and that it's signed by me • License is decrypted and email and product are extracted • ROM Token Generator app is opened in the background • Token gets saved to a fi le Go With the Flow

113. • Token is read from the fi le and stored

     in a variable • Token Generator app is quit • Script sends token, email, and product to the Rails app • Rails app performs validations Go With the Flow

114. • Send request to Apple's "query_two_bits" endpoint • "Failed to

     fi nd bit state" means ROM has not yet been run on this Mac • Send request to "update_two_bits" endpoint to set bit0 and bit1 • If device already activated, Apple returns current bit0 and bit1 values Go With the Flow

115. • Verify current version was released before license expiration •

     Bash script can continue • License veri fi cation takes ~1 second Go With the Flow
116. None

117. • MacBook Pro with Touch Bar (2016 and 2017) and

     Apple T1 Chip • Intel-based Mac computers with Apple T2 Security Chip • Mac computers with Apple silicon Secure Enclave

118. Copying latest Ruby on Mac files... cp: rom_arm64: No such

     file or directory
119. None

120. Copying latest Ruby on Mac files... The rom-prime_arm64 file is

     missing! You are most likely running SentinelOne, which removed the file. Ruby on Mac Prime is not compatible with SentinelOne. Only the Ultimate version is. Please upgrade to Ruby on Mac Ultimate with coupon code FOOBAR: https://www.rubyonmac.dev/pricing If you're not running SentinelOne, please report this issue to [email protected]

121. • Testing Ruby Rewrite Benefits

122. • Testing • User Experience Ruby Rewrite Benefits

123. • Testing • User Experience • Future Proof Ruby Rewrite

     Benefits

124. Thank You! And a Gift 5⃣ RMR50 4⃣ RMR40 3⃣

     RMR30 2⃣ RMR20 1⃣ RMR10 rubyonmac.dev/pricing