[MacPorts] #40383: failed synchro with selfupdate using svn version

Sat Sep 7 05:40:32 PDT 2013

#40383: failed synchro with selfupdate using svn version
--------------------------+--------------------------------
  Reporter:  leclercfl@…  |      Owner:  macports-tickets@…
      Type:  defect       |     Status:  new
  Priority:  Normal       |  Milestone:
 Component:  base         |    Version:  2.2.99
Resolution:               |   Keywords:
      Port:               |
--------------------------+--------------------------------

Comment (by raimue@…):

 This is a infamous bug in /usr/bin/svn from Mac OS X as shipped by Apple.
 If I remember correctly it's broken since Mac OS X 10.5 Lion. The only
 place where Apple ships certificates is in the Keychain, but they are not
 used by the installed Subversion client to validate certificates. There
 are some tutorials on how to extract the certificates from Keychain and
 put them into the CA search path at `/System/Library/OpenSSL/certs/`.

 You need to manually accept the certificate before you will be able to
 sync using over SSL with Subversion without a certificate validation
 error. Choosing permanently will store the fingerprint inside
 ~/.subversion/auth/svn.ssl.server/. Note that the sync command will be run
 as the user owning the ports tree directory specified in sources.conf, so
 the certificate needs to be accepted by that user.

 Publishing the fingerprint for you to check here (as an alternative, you
 could also get it from your browser):
 {{{
 /usr/bin/svn info https://svn.macports.org/repository/macports
 Error validating server certificate for 'https://svn.macports.org:443':
  - The certificate is not issued by a trusted authority. Use the
    fingerprint to validate the certificate manually!
 Certificate information:
  - Hostname: *.macports.org
  - Valid: from Tue, 22 Feb 2011 17:29:43 GMT until Tue, 18 Mar 2014
 23:36:56 GMT
  - Issuer: 07969287, http://certificates.godaddy.com/repository,
 GoDaddy.com, Inc., Scottsdale, Arizona, US
  - Fingerprint:
 4d:ea:4a:77:55:ac:8e:2e:9e:11:8a:59:3d:ec:c7:45:7d:b0:72:19
 (R)eject, accept (t)emporarily or accept (p)ermanently?
 }}}

 The subversion client distributed by the subversion port in MacPorts uses
 the curl-ca-bundle to validate certificates and therefore will not suffer
 from such problems. Installing this port will also solve this problem.
 However, for a new installation that is a chicken-and-egg problem if you
 want to sync using Subversion exclusively.

-- 
Ticket URL: <https://trac.macports.org/ticket/40383#comment:4>
MacPorts <http://www.macports.org/>
Ports system for OS X