[MacPorts] #55509: cyclic reference breaks upgrade: curl vs. libpsl
MacPorts
noreply at macports.org
Wed Dec 13 00:00:29 UTC 2017
#55509: cyclic reference breaks upgrade: curl vs. libpsl
--------------------------------------+--------------------
Reporter: eiked | Owner:
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.4.2
Keywords: libpsl curl wget upgrade | Port: libpsl
--------------------------------------+--------------------
Hello everyone at macports
I'd like to report a serious problem
which breaks "port upgrade" on ppc machines (10.4/10.5)
and possibly on 10.6 as well (not tested)
Please forward this to the maintainer of the libpsl port
(devans at macports.org)
This problem affects the basic workings of macports.
I believe this to be ***critical*** (for upgrading old systems at least)
{{{
% port echo dependentof:libpsl
curl
wget
}}}
Aka, we need libpsl to upgrade curl,
but we need a recent curl to retrieve libpsl (because libpsl needs to
retrieve publicsuffix.zip from github in Portfile:post-extract)
My Suggestion:
Please get rid of that post-extract curl,
just include a copy of the most recent publicsuffix with the distribution,
and put updating publicsuffix in a port on it's own.
(see below)
***Description***
When trying to install libpsl @0.19.1_1 (net)
with macports version 2.4.2,
on OSX Tiger or Leopard
- curl needs libpsl
- libpsl needs a recent curl
REASON:
curl fails to fetch:
{{{
https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
}}}
WORKAROUND:
- download the publicsuffix file manually. Modify the Portfile to use that
SUGGESTED FIX:
- provide the most recent publicsuffix file with libpsl
- extract publicsuffix into a separate port (like ca-certs)
- update publicsuffix upon successful curl/wget upgrade
- develop cron-publicsuffix-update for regular updates
---
***Details***
{{{
# port install libpsl
Error: Failed to extract libpsl: SSL certificate problem, verify that the
CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
}}}
which boils down to libpsl/Portfile:post-extract:
{{{
#
/opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/libpsl/Portfile
set psl_data_dir ${workpath}
set psl_data_commit 85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
set psl_data_archive ${psl_data_commit}.zip
set psl_data_url https://github.com/publicsuffix/list/archive
post-extract {
curl fetch ${psl_data_url}/${psl_data_archive}
${psl_data_dir}/${psl_data_archive}
# [...]
}}}
Looks like the Tiger/Leopard /usr/bin/curl can't talk with github anymore:
{{{
# /usr/bin/curl
https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
}}}
wget [wget @1.19.2_1+ssl (active)] from my modern machine shows this:
{{{
% wget -S
https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
--2017-12-12 23:38:41--
https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
Loaded CA certificate '/opt/local/share/curl/curl-ca-bundle.crt'
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 12 Dec 2017 22:38:42 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 302 Found
Cache-Control: no-cache
Vary: X-PJAX
Location:
https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sat, 12
Dec 2037 22:38:42 -0000; secure; HttpOnly
Set-Cookie:
_gh_sess=eyJzZXNzaW9uX2lkIjoiZDVmNzg3N2ZkYWFjNjllOGFjYzUwODcyMTg0MzRlYTMiLCJsYXN0X3JlYWRfZnJvbV9yZXBsaWNhcyI6MTUxMzExODMyMjQxMCwic3B5X3JlcG8iOiJwdWJsaWNzdWZmaXgvbGlzdCIsInNweV9yZXBvX2F0IjoxNTEzMTE4MzIyfQ%3D%3D
--3b45a9b275a488371002dacfb72fc5b8331cfc04; path=/; secure; HttpOnly
X-Request-Id: cd69a52b401706e5ddb74a66c4a68e6d
X-Runtime: 0.061032
Expect-CT: max-age=2592000, report-
uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-
mixed-content; child-src render.githubusercontent.com; connect-src 'self'
uploads.github.com status.github.com collector.githubapp.com
api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com
github-production-repository-file-5c1aeb.s3.amazonaws.com github-
production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-
user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-
cdn.github.com; form-action 'self' github.com gist.github.com; frame-
ancestors 'none'; img-src 'self' data: assets-cdn.github.com
identicons.github.com collector.githubapp.com github-
cloud.s3.amazonaws.com *.githubusercontent.com; media-src 'none'; script-
src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Public-Key-Pins: max-age=0; pin-
sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-
sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-
sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-
sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-
sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-
sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-
sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Runtime-rack: 0.067516
X-GitHub-Request-Id: B669:4A62:13804D6:27CC5CA:5A305A72
Location:
https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
[following]
--2017-12-12 23:38:42--
https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120,
192.30.253.121
Connecting to codeload.github.com
(codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Content-Length: 94969
Access-Control-Allow-Origin: https://render.githubusercontent.com
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline';
sandbox
Strict-Transport-Security: max-age=31536000
Vary: Authorization,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
ETag: "85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3"
Content-Type: application/zip
Content-Disposition: attachment; filename=list-
85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
X-Geo-Block-List:
Date: Tue, 12 Dec 2017 22:38:43 GMT
X-GitHub-Request-Id: 8463:0363:7C351:B0125:5A305A73
Length: 94969 (93K) [application/zip]
Saving to: '85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1'
85fa8fbdf73a0f2fcf5 100%[===================>] 92.74K 276KB/s in
0.3s
2017-12-12 23:38:43 (276 KB/s) -
'85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1' saved [94969/94969]
}}}
--
Ticket URL: <https://trac.macports.org/ticket/55509>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list