<pre style='margin:0'>
Joshua Root (jmroot) pushed a commit to branch master
in repository macports-base.
</pre>
<p><a href="https://github.com/macports/macports-base/commit/f7828b8c2533ff5a59190461d9f982ce290a8911">https://github.com/macports/macports-base/commit/f7828b8c2533ff5a59190461d9f982ce290a8911</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new f7828b8c2 archivefetch: try other mirrors if fetching sig fails
</span>f7828b8c2 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit f7828b8c2533ff5a59190461d9f982ce290a8911
</span>Author: Joshua Root <jmr@macports.org>
AuthorDate: Tue Nov 14 21:49:02 2023 +1100
<span style='display:block; white-space:pre;color:#404040;'> archivefetch: try other mirrors if fetching sig fails
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Also behave the same way when just the signature failed to fetch as
</span><span style='display:block; white-space:pre;color:#404040;'> when the archive failed to fetch, i.e. error out only if binary-only
</span><span style='display:block; white-space:pre;color:#404040;'> mode is enabled, otherwise fall back to building from source.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> See: https://trac.macports.org/ticket/68192
</span>---
src/package1.0/portarchivefetch.tcl | 81 +++++++++++++++++++++++--------------
1 file changed, 50 insertions(+), 31 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/package1.0/portarchivefetch.tcl b/src/package1.0/portarchivefetch.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index b9312d27c..ecfa54fdf 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/package1.0/portarchivefetch.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/package1.0/portarchivefetch.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -222,48 +222,67 @@ proc portarchivefetch::fetchfiles {args} {
</span> set urlmap($url_var) $urlmap(archive_sites)
}
set failed_sites 0
<span style='display:block; white-space:pre;background:#ffe0e0;'>- unset -nocomplain fetched
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set archive_fetched 0
</span> set lastError ""
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # there should be an rmd160 digest of the archive signed with one of the trusted keys
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set signature ${incoming_path}/${archive}.rmd160
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set sig_fetched 0
</span> foreach site $urlmap($url_var) {
if {[string index $site end] ne "/"} {
append site "/[option archive.subdir]"
} else {
append site [option archive.subdir]
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_msg "$UI_PREFIX [format [msgcat::mc "Attempting to fetch %s from %s"] $archive ${site}]"
</span> set file_url [portfetch::assemble_url $site $archive]
<span style='display:block; white-space:pre;background:#ffe0e0;'>- set effectiveURL ""
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- try {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- curl fetch --effective-url effectiveURL {*}$fetch_options $file_url "${incoming_path}/${archive}.TMP"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set fetched 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } trap {POSIX SIG SIGINT} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_debug [msgcat::mc "Aborted fetching archive due to SIGINT"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file delete -force "${incoming_path}/${archive}.TMP"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } trap {POSIX SIG SIGTERM} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_debug [msgcat::mc "Aborted fetching archive due to SIGTERM"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file delete -force "${incoming_path}/${archive}.TMP"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } on error {eMessage} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_debug [msgcat::mc "Fetching archive failed: %s" $eMessage]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set lastError $eMessage
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file delete -force "${incoming_path}/${archive}.TMP"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- incr failed_sites
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {$failed_sites > 2 && ![tbool ports_binary_only] && ![_archive_available]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # fetch archive
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!$archive_fetched} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg "$UI_PREFIX [format [msgcat::mc "Attempting to fetch %s from %s"] $archive ${site}]"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ try {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl fetch {*}$fetch_options $file_url ${incoming_path}/${archive}.TMP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set archive_fetched 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } trap {POSIX SIG SIGINT} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Aborted fetching archive due to SIGINT"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force ${incoming_path}/${archive}.TMP $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } trap {POSIX SIG SIGTERM} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Aborted fetching archive due to SIGTERM"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force ${incoming_path}/${archive}.TMP $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } on error {eMessage} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Fetching archive failed: %s" $eMessage]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set lastError $eMessage
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force ${incoming_path}/${archive}.TMP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ incr failed_sites
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$failed_sites > 2 && ![tbool ports_binary_only] && ![_archive_available]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ break
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[info exists fetched]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # there should be an rmd160 digest of the archive signed with one of the trusted keys
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set signature "${incoming_path}/${archive}.rmd160"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_msg "$UI_PREFIX [format [msgcat::mc "Attempting to fetch %s from %s"] ${archive}.rmd160 $site]"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # reusing $file_url from the last iteration of the loop above
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[catch {curl fetch --effective-url effectiveURL {*}$fetch_options ${file_url}.rmd160 $signature} result]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_debug "$::errorInfo"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return -code error "Failed to fetch signature for archive: $result"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # fetch signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!$sig_fetched} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg "$UI_PREFIX [format [msgcat::mc "Attempting to fetch %s from %s"] ${archive}.rmd160 $site]"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ try {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl fetch {*}$fetch_options ${file_url}.rmd160 $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set sig_fetched 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } trap {POSIX SIG SIGINT} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Aborted fetching archive due to SIGINT"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force ${incoming_path}/${archive}.TMP $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } trap {POSIX SIG SIGTERM} {_ eOptions} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Aborted fetching archive due to SIGTERM"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force ${incoming_path}/${archive}.TMP $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ throw [dict get $eOptions -errorcode] [dict get $eOptions -errorinfo]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } on error {eMessage} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_debug [msgcat::mc "Fetching archive signature failed: %s" $eMessage]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set lastError $eMessage
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete -force $signature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$archive_fetched && $sig_fetched} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ break
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$archive_fetched && $sig_fetched} {
</span> set openssl [findBinary openssl $portutil::autoconf::openssl_path]
set verified 0
foreach pubkey [option archivefetch.pubkeys] {
</pre><pre style='margin:0'>
</pre>