Checksum -s of apple-pki-bundle fetches from MacPorts, not Source
Daniel J. Luke
dluke at geeklair.net
Mon Nov 14 01:16:18 UTC 2022
-s just tells port to not fetch the 'binary archives', it doesn't tell port to not use the macports distfile mirror.
The files on the mirror will have a hash that matches the portfile, so they'll be the same as what the port maintainer downloaded from the master_sites (and the port command will validate this).
If the problem is that upstream files changed but the version didn't change, you need to treat it like a stealth update - https://trac.macports.org/wiki/PortfileRecipes#stealth-updates
> On Nov 13, 2022, at 5:53 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
> I’ve updated this port locally, but port is still fetching the old file from https://distfiles.macports.org/apple-pki-bundle, not the master_sites URL specified in the Portfile.
> May I please get some help determining what is causing this issue?
>> On Nov 12, 2022, at 8:06 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
>> Re: https://trac.macports.org/ticket/66230
>> This issue is caused because port fetches an expired certificate from https://distfiles.macports.org/apple-pki-bundle, not source:
>>> sudo port clean --all apple-pki-bundle
>>> sudo port -s checksum apple-pki-bundle +additional_pki_bundle +system_roots_keychain
>>> ---> Attempting to fetch AppleISTCA2G1.cer from https://distfiles.macports.org/apple-pki-bundle
>> But I’m explicitly passing -s to the port command—download from source:
>> What’s the fix to this? (Simple revbump?) And why don’t I detect it but the OP does?
Daniel J. Luke
More information about the macports-dev