Checksum -s of apple-pki-bundle fetches from MacPorts, not Source

Daniel J. Luke dluke at geeklair.net
Mon Nov 14 01:16:18 UTC 2022


-s just tells port to not fetch the 'binary archives', it doesn't tell port to not use the macports distfile mirror.

The files on the mirror will have a hash that matches the portfile, so they'll be the same as what the port maintainer downloaded from the master_sites (and the port command will validate this).

If the problem is that upstream files changed but the version didn't change, you need to treat it like a stealth update - https://trac.macports.org/wiki/PortfileRecipes#stealth-updates

> On Nov 13, 2022, at 5:53 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
> I’ve updated this port locally, but port is still fetching the old file from https://distfiles.macports.org/apple-pki-bundle, not the master_sites URL specified in the Portfile.
> 
> May I please get some help determining what is causing this issue?
> 
> 
>> On Nov 12, 2022, at 8:06 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
>> 
>> Re: https://trac.macports.org/ticket/66230
>> 
>> This issue is caused because port fetches an expired certificate from ​https://distfiles.macports.org/apple-pki-bundle, not source:
>> 
>>> sudo port clean --all apple-pki-bundle
>>> sudo port -s checksum apple-pki-bundle +additional_pki_bundle +system_roots_keychain
>>>>>> ---> Attempting to fetch AppleISTCA2G1.cer from https://distfiles.macports.org/apple-pki-bundle
>> 
>> But I’m explicitly passing -s to the port command—download from source:
>> 
>> What’s the fix to this? (Simple revbump?) And why don’t I detect it but the OP does?


-- 
Daniel J. Luke



More information about the macports-dev mailing list