From a9aa892177b9e529be251105f45163d3d32552c5 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@google.com>
Date: Thu, 26 Jul 2018 14:48:51 -0700
Subject: [PATCH] Exit gce kube-up.sh early if openssl is LibreSSL

macOS has an openssl binary, but it's actually LibreSSL, which
doesn't play well with the easyrsa script that cluster/gce/util.sh
uses to generate certs

Instead of waiting until we generate certs to discover easyrsa doesn't
work, consider openssl a prereq for gce, and include a check for the
version string starting with OpenSSL

Also, mirror kube-up.sh's "... calling" output in kube-down.sh
---
 cluster/gce/util.sh  | 5 +++++
 cluster/kube-down.sh | 3 +++
 hack/lib/util.sh     | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh
index fae2463497f..1d7d475bc5a 100755
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -109,6 +109,11 @@ function split_csv() {
 # Verify prereqs
 function verify-prereqs() {
   local cmd
+
+  # we use openssl to generate certs
+  kube::util::test_openssl_installed
+
+  # we use gcloud to create the cluster, gsutil to stage binaries and data
   for cmd in gcloud gsutil; do
     if ! which "${cmd}" >/dev/null; then
       local resp="n"
diff --git a/cluster/kube-down.sh b/cluster/kube-down.sh
index 5993dc4a413..7c183c6eeb1 100755
--- a/cluster/kube-down.sh
+++ b/cluster/kube-down.sh
@@ -30,8 +30,11 @@ source "${KUBE_ROOT}/cluster/kube-util.sh"
 
 echo "Bringing down cluster using provider: $KUBERNETES_PROVIDER"
 
+echo "... calling verify-prereqs" >&2
 verify-prereqs
+echo "... calling verify-kube-binaries" >&2
 verify-kube-binaries
+echo "... calling kube-down" >&2
 kube-down
 
 echo "Done"
diff --git a/hack/lib/util.sh b/hack/lib/util.sh
index 82010551f9b..1d2f714a49d 100755
--- a/hack/lib/util.sh
+++ b/hack/lib/util.sh
@@ -539,7 +539,14 @@ function kube::util::test_openssl_installed {
     if [ "$?" != "0" ]; then
       echo "Failed to run openssl. Please ensure openssl is installed"
       exit 1
+    elif [ "$(openssl version | cut -d\  -f1)" == "LibreSSL" ]; then
+      echo "LibreSSL is not supported. Please ensure openssl points to an OpenSSL binary"
+      if [ "$(uname -s)" == "Darwin" ]; then
+        echo 'On macOS we recommend using homebrew and adding "$(brew --prefix openssl)/bin" to your PATH'
+      fi
+      exit 1
     fi
+
     OPENSSL_BIN=$(command -v openssl)
 }