Opened 7 years ago
Closed 7 years ago
#55509 closed defect (duplicate)
cyclic reference breaks upgrade: curl vs. libpsl
Reported by: | eiked | Owned by: | dbevans (David B. Evans) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.4.2 |
Keywords: | Cc: | ||
Port: | libpsl |
Description
Hello everyone at macports
I'd like to report a serious problem which breaks "port upgrade" on ppc machines (10.4/10.5) and possibly on 10.6 as well (not tested)
Please forward this to the maintainer of the libpsl port (devans@…)
This problem affects the basic workings of macports. I believe this to be *critical* (for upgrading old systems at least)
% port echo dependentof:libpsl curl wget
Aka, we need libpsl to upgrade curl, but we need a recent curl to retrieve libpsl (because libpsl needs to retrieve publicsuffix.zip from github in Portfile:post-extract)
My Suggestion: Please get rid of that post-extract curl, just include a copy of the most recent publicsuffix with the distribution, and put updating publicsuffix in a port on it's own. (see below)
*Description*
When trying to install libpsl @0.19.1_1 (net)
with macports version 2.4.2, on OSX Tiger or Leopard
- curl needs libpsl
- libpsl needs a recent curl
REASON:
curl fails to fetch:
https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
WORKAROUND:
- download the publicsuffix file manually. Modify the Portfile to use that
SUGGESTED FIX:
- provide the most recent publicsuffix file with libpsl
- extract publicsuffix into a separate port (like ca-certs)
- update publicsuffix upon successful curl/wget upgrade
- develop cron-publicsuffix-update for regular updates
---
*Details*
# port install libpsl Error: Failed to extract libpsl: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
which boils down to libpsl/Portfile:post-extract:
# /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/libpsl/Portfile set psl_data_dir ${workpath} set psl_data_commit 85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3 set psl_data_archive ${psl_data_commit}.zip set psl_data_url https://github.com/publicsuffix/list/archive post-extract { curl fetch ${psl_data_url}/${psl_data_archive} ${psl_data_dir}/${psl_data_archive} # [...]
Looks like the Tiger/Leopard /usr/bin/curl can't talk with github anymore:
# /usr/bin/curl https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
wget [wget @1.19.2_1+ssl (active)] from my modern machine shows this:
% wget -S https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip --2017-12-12 23:38:41-- https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip Loaded CA certificate '/opt/local/share/curl/curl-ca-bundle.crt' Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113 Connecting to github.com (github.com)|192.30.253.112|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 302 Found Server: GitHub.com Date: Tue, 12 Dec 2017 22:38:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Status: 302 Found Cache-Control: no-cache Vary: X-PJAX Location: https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3 X-UA-Compatible: IE=Edge,chrome=1 Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sat, 12 Dec 2037 22:38:42 -0000; secure; HttpOnly Set-Cookie: _gh_sess=eyJzZXNzaW9uX2lkIjoiZDVmNzg3N2ZkYWFjNjllOGFjYzUwODcyMTg0MzRlYTMiLCJsYXN0X3JlYWRfZnJvbV9yZXBsaWNhcyI6MTUxMzExODMyMjQxMCwic3B5X3JlcG8iOiJwdWJsaWNzdWZmaXgvbGlzdCIsInNweV9yZXBvX2F0IjoxNTEzMTE4MzIyfQ%3D%3D--3b45a9b275a488371002dacfb72fc5b8331cfc04; path=/; secure; HttpOnly X-Request-Id: cd69a52b401706e5ddb74a66c4a68e6d X-Runtime: 0.061032 Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors" Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com Strict-Transport-Security: max-age=31536000; includeSubdomains; preload Public-Key-Pins: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-Runtime-rack: 0.067516 X-GitHub-Request-Id: B669:4A62:13804D6:27CC5CA:5A305A72 Location: https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3 [following] --2017-12-12 23:38:42-- https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3 Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121 Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Content-Length: 94969 Access-Control-Allow-Origin: https://render.githubusercontent.com Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Strict-Transport-Security: max-age=31536000 Vary: Authorization,Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block ETag: "85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3" Content-Type: application/zip Content-Disposition: attachment; filename=list-85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip X-Geo-Block-List: Date: Tue, 12 Dec 2017 22:38:43 GMT X-GitHub-Request-Id: 8463:0363:7C351:B0125:5A305A73 Length: 94969 (93K) [application/zip] Saving to: '85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1' 85fa8fbdf73a0f2fcf5 100%[===================>] 92.74K 276KB/s in 0.3s 2017-12-12 23:38:43 (276 KB/s) - '85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1' saved [94969/94969]
Change History (3)
comment:1 Changed 7 years ago by mf2k (Frank Schima)
Priority: | High → Normal |
---|
comment:2 Changed 7 years ago by mf2k (Frank Schima)
Keywords: | libpsl curl wget upgrade removed |
---|---|
Owner: | set to dbevans |
Status: | new → assigned |
In the future, please Cc the port maintainers.
comment:3 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
Resolution: | → duplicate |
---|---|
Status: | assigned → closed |
Duplicate of #55440.
The Priority field is for use by Macports team members only.