Re: privoxy-pki-bundle not Behaving as Desired – Request for Assistance

Jim DeLaHunt list+macports-dev at jdlh.com
Mon May 23 23:35:19 UTC 2022


On 2022-05-23 13:59, Steven Smith wrote:
...
> The certs in curl-ca-bundle are updated regularly to clear out expired certs.
...> The “solution” appears to be to bump the revision of 
privoxy-pki-bundle by hand whenever curl-ca-bundle is updated....

And how often is port curl-ca-bundle updated? What volume of revision 
bumps are you trying to automate?

I'm not an expert, but as I read the Portfile for net/curl[1]:
1. port curl-ca-bundle is a subport of port curl[2],
2. it looks to me like port curl-ca-bundle only got updated about 7 
times in the last 43 months[3]
3. it looks as if port curl-ca-bundle updates a file within curl,
security/nss/lib/ckfw/builtins/certdata.txt, and does some make and
install operations. Maybe building and installing curl itself does
those same operations.
4. Thus, maybe a version update to port curl also functions as an
update to port curl-ca-bundle, but I'm not sure.
5. it looks like port curl got updated about 25 times in the last 43 
month[3], so three times as often as port curl-ca-bundle.

So it looks to me like you are working with an average update tempo of 
either 2 updates/year or 9 updates/year, depending on whether #4 is true.

If #4 is true, it makes me wonder if maybe port curl-ca-bundle's values 
for certdata_updated (epoch time) and certdata_date should get updated 
each time the curl version gets updated.

Does that help?
    --Jim DeLaHunt

[1] 
<https://github.com/macports/macports-ports/commits/master/net/curl/Portfile>
[2] 
<https://github.com/macports/macports-ports/blob/f0dd90b0d81d4fd8c902f909b1e9c0114a1b950c/net/curl/Portfile#L239-L322>
[3] 
<https://github.com/macports/macports-ports/commits/master/net/curl/Portfile>


More information about the macports-dev mailing list