[MacPorts] #46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)

MacPorts noreply at macports.org
Mon Jan 12 16:39:18 PST 2015


#46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)
---------------------+--------------------------------
  Reporter:  fw@…    |      Owner:  macports-tickets@…
      Type:  defect  |     Status:  new
  Priority:  Low     |  Milestone:
 Component:  base    |    Version:  2.3.3
Resolution:          |   Keywords:
      Port:          |
---------------------+--------------------------------

Comment (by fw@…):

 I hardly think that this is a serious enough problem to justify dropping
 support for all PowerMacs, which is what dropping 10.4 and 10.5 would do.
 Even the documentation-only fix wouldn't be ''too'' bad.

 I believe the only reason HTTPS is being used for GitHub at all is because
 it refuses to speak plain HTTP.  So merely operating as
 "fetch.ignore_sslcert=yes" in this case would be fine (given that the
 separate checksum verification makes the certificate verification
 unnecessary).

 For a "proper" fix, the pre-10.6 installers could bundle a working version
 of curl, which might as well statically link against libssl and libcrypto
 in this context, so that only one file is needed.  This would have to
 either go someplace other than /opt/local/bin/, or have a different name
 (to avoid conflicting with the curl port).  Then there'd just need to be
 some sort of "my-curl" variable, pointing either at the bundled version or
 the system version.

 AFAICT, the system root CAs are fine, since I can access GitHub from the
 old versions of Safari and Firefox on 10.5 just fine (except for GitHub's
 warnings about the old browser versions :-)).  If you try HTTP, it just
 redirects to HTTPS.


 Another question is whether it would be acceptable to use
 /opt/local/bin/curl when available.  Presumably, MacPorts tries to avoid
 using tools from its own ports in general to avoid getting burned by the
 non-atomic upgrade process.  But that may not be an issue for a tool
 that's only used in the fetch phase.  If it did that, then the only
 missing piece would be a 10.4/10.5 fetch dependency on curl, for any port
 using HTTPS fetches.  For safety, it might use the "ported" curl only for
 HTTPS (or only when the system curl fails).

-- 
Ticket URL: <https://trac.macports.org/ticket/46539#comment:4>
MacPorts <https://www.macports.org/>
Ports system for OS X


More information about the macports-tickets mailing list