Checksum -s of apple-pki-bundle fetches from MacPorts, not Source
Steven Smith
steve.t.smith at gmail.com
Mon Nov 14 03:12:31 UTC 2022
Thank you! Please see: https://github.com/macports/macports-ports/pull/16674
> On Nov 13, 2022, at 8:16 PM, Daniel J. Luke <dluke at geeklair.net> wrote:
>
> -s just tells port to not fetch the 'binary archives', it doesn't tell port to not use the macports distfile mirror.
>
> The files on the mirror will have a hash that matches the portfile, so they'll be the same as what the port maintainer downloaded from the master_sites (and the port command will validate this).
>
> If the problem is that upstream files changed but the version didn't change, you need to treat it like a stealth update - https://trac.macports.org/wiki/PortfileRecipes#stealth-updates
>
>> On Nov 13, 2022, at 5:53 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
>> I’ve updated this port locally, but port is still fetching the old file from https://distfiles.macports.org/apple-pki-bundle, not the master_sites URL specified in the Portfile.
>>
>> May I please get some help determining what is causing this issue?
>>
>>
>>> On Nov 12, 2022, at 8:06 AM, Steven Smith <steve.t.smith at gmail.com> wrote:
>>>
>>> Re: https://trac.macports.org/ticket/66230
>>>
>>> This issue is caused because port fetches an expired certificate from https://distfiles.macports.org/apple-pki-bundle, not source:
>>>
>>>> sudo port clean --all apple-pki-bundle
>>>> sudo port -s checksum apple-pki-bundle +additional_pki_bundle +system_roots_keychain
>>>> …
>>>> ---> Attempting to fetch AppleISTCA2G1.cer from https://distfiles.macports.org/apple-pki-bundle
>>>
>>> But I’m explicitly passing -s to the port command—download from source:
>>>
>>> What’s the fix to this? (Simple revbump?) And why don’t I detect it but the OP does?
>
>
> --
> Daniel J. Luke
>
More information about the macports-dev
mailing list