failed synchro with selfupdate using svn version

[leclercfl@…]

macports was installed according to the section 2.3.3 (subversion install); after modifying the configuration file (/opt/local/etc/macports/sources.conf) the following command is issued and a synchronization error is obtained.

% sudo port -v selfupdate
--->  Updating MacPorts base sources using rsync
receiving file list ... done

sent 36 bytes  received 69 bytes  23.33 bytes/sec
total size is 4925440  speedup is 46908.95
receiving file list ... done

sent 36 bytes  received 76 bytes  32.00 bytes/sec
total size is 512  speedup is 4.57
MacPorts base version 2.2.99 installed,
MacPorts base version 2.2.0 downloaded.
--->  Updating the ports tree
Synchronizing local ports tree from file:///opt/mports/trunk/dports
svn: OPTIONS of 'https://svn.macports.org/repository/macports/trunk': Server certificate verification failed: issuer is not trusted (https://svn.macports.org)
Command failed: /usr/bin/svn update --non-interactive /Volumes/Ports/opt/mports/trunk/dports
Exit code: 1
Error: Synchronization of the local ports tree failed doing an svn update
Error: Couldn't sync the ports tree: Synchronization of 1 source(s) failed
To report a bug, follow the instructions in the guide:
    http://guide.macports.org/#project.tickets
Error: /opt/local/bin/port: port selfupdate failed: Couldn't sync the ports tree: Synchronization of 1 source(s) failed

[mf2k (Frank Schima)]

In the future, please use WikiFormatting.

[ryandesign (Ryan Carsten Schmidt)]

Has it ever worked?

Have you tried installing the MacPorts subversion port?

[leclercfl@…]

that's what I've done; the problem was described before: ​http://stackoverflow.com/questions/11751355/cannot-sync-with-macports-from-svn However, I couldn't manage to fix the problem with any of the two options given in the "stackoverflow" posts.

[raimue (Rainer Müller)]

This is a infamous bug in /usr/bin/svn from Mac OS X as shipped by Apple. If I remember correctly it's broken since Mac OS X 10.5 Lion. The only place where Apple ships certificates is in the Keychain, but they are not used by the installed Subversion client to validate certificates. There are some tutorials on the web on how to extract the certificates from Keychain and put them into the CA search path at /System/Library/OpenSSL/certs/.

You need to manually accept the certificate before you will be able to sync using over SSL with Subversion without a certificate validation error. Choosing permanently will store the fingerprint inside ~/.subversion/auth/svn.ssl.server/. Note that the sync command will be run as the user owning the ports tree directory specified in sources.conf, so the certificate needs to be accepted by that user.

Publishing the fingerprint for you to check here (as an alternative, you could also get it from your browser):

/usr/bin/svn info https://svn.macports.org/repository/macports
Error validating server certificate for 'https://svn.macports.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: *.macports.org
 - Valid: from Tue, 22 Feb 2011 17:29:43 GMT until Tue, 18 Mar 2014 23:36:56 GMT
 - Issuer: 07969287, http://certificates.godaddy.com/repository, GoDaddy.com, Inc., Scottsdale, Arizona, US
 - Fingerprint: 4d:ea:4a:77:55:ac:8e:2e:9e:11:8a:59:3d:ec:c7:45:7d:b0:72:19
(R)eject, accept (t)emporarily or accept (p)ermanently?

The subversion client distributed by the subversion port in MacPorts uses the curl-ca-bundle to validate certificates and therefore will not suffer from such problems. Installing this port will also solve this problem. However, for a new installation that is a chicken-and-egg problem if you want to sync using Subversion exclusively.

[ryandesign (Ryan Carsten Schmidt)]

Replying to raimue@…:

If I remember correctly it's broken since Mac OS X 10.5 Lion.

I think you mean OS X 10.7 Lion.

[larryv (Lawrence Velázquez)]

Replying to leclercfl@…:

However, I couldn't manage to fix the problem with any of the two options given in the "stackoverflow" posts.

The easiest thing to do is switch back to rsync, install the subversion port, and then switch back to the Subversion checkout. (Do note that you can’t use Apple’s Subversion to work with any repositories you check out or upgrade with MacPorts’ Subversion, since ours is newer.)

[neverpanic (Clemens Lang)]

There's nothing we can do about this defect in /usr/bin/svn. You'll just have to continue accepting certificates manually, unfortunately.

[cooljeanius (Eric Gallager)]

Cc Me!