cannot download distfile for libressl

Ryan Schmidt ryandesign at macports.org
Sat Feb 11 08:25:19 UTC 2017 

> On Feb 10, 2017, at 18:04, Kastus Shchuka <kastus at tprfct.net> wrote:
> 
> On Fri, Feb 10, 2017 at 10:13:35AM -0600, Ryan Schmidt wrote:
>> 
>>> On Feb 10, 2017, at 08:05, Rainer Müller <raimue at macports.org> wrote:
>>> 
>>> On 2017-02-10 03:18, Kastus Shchuka wrote:
>>>> I am trying to upgrade libressl (2.4.5), and as binary package is not
>>>> available yet, port command attempts to build from source but fails
>>>> to retrieve distfile. I am seeing 404 error from all mirrors, and
>>>> from openbsd.org site I am getting this error:
>>>> 
>>>> :notice:fetch --->  Attempting to fetch libressl-2.4.5.tar.gz from
>>>> https://ftp.openbsd.org/pub/OpenBSD/LibreSSL :debug:fetch Fetching
>>>> distfile failed: SSL peer handshake failed, the server most likely
>>>> requires a client certificate to connect
>>>> 
>>>> I can download the file manually with curl command, it recognizes
>>>> let’s encrypt certificate just fine. I wonder what command does port
>>>> uses for download?
>>> 
>>> MacPorts uses libcurl from the system. You probably used curl installed
>>> from MacPorts which would also use a SSL library from MacPorts. Try to
>>> replicate the problem with /usr/bin/curl.
>>> 
>>> This server supports only TLS 1.2, and many more servers are abolishing
>>> older TLS versions for good reasons. If you are using a macOS version
>>> equal or older than 10.7, the SecureTransport/OpenSSL library versions
>>> do not yet support TLS 1.2 and any attempt to connect will fail.
>>> 
>>> https://trac.macports.org/ticket/51516
>>> 
>>> On top of this, distfiles mirroring is known to be broken since we
>>> migrated away from macOS forge.
>>> 
>>> https://trac.macports.org/ticket/53347
>> 
>> I've manually added the file to our mirrors.
>> 
> 
> Thanks a lot, Ryan! Now port command successfully downloaded the dist file:
> 
> $ sudo port upgrade -d libressl
> --->  Fetching distfiles for libressl
> --->  Attempting to fetch libressl-2.4.5.tar.gz from https://distfiles.macports.org/libressl
> --->  Verifying checksums for libressl                                               
> --->  Extracting libressl
> --->  Applying patches to libressl
> --->  Configuring libressl
> --->  Building libressl
> --->  Staging libressl into destroot
> --->  Installing libressl @2.4.5_0
> --->  Cleaning libressl
> --->  Deactivating libressl @2.4.4_1
> --->  Cleaning libressl
> --->  Activating libressl @2.4.5_0
> --->  Cleaning libressl
> --->  Updating database of binaries
> --->  Scanning binaries for linking errors
> --->  No broken files found. 
> 
> I know, it is chicken and an egg problem, but would it be possible to rebuild port with libcurl 
> from the port? 

I don't think that's a good idea.

We should instead concentrate on getting our automated distfile mirroring back online so that it's not a problem anymore.

More information about the macports-users mailing list