Opened 7 years ago

Closed 7 years ago

#55509 closed defect (duplicate)

cyclic reference breaks upgrade: curl vs. libpsl

Reported by: eiked Owned by: dbevans (David B. Evans)
Priority: Normal Milestone:
Component: ports Version: 2.4.2
Keywords: Cc:
Port: libpsl

Description

Hello everyone at macports

I'd like to report a serious problem which breaks "port upgrade" on ppc machines (10.4/10.5) and possibly on 10.6 as well (not tested)

Please forward this to the maintainer of the libpsl port (devans@…)

This problem affects the basic workings of macports. I believe this to be *critical* (for upgrading old systems at least)

 % port echo dependentof:libpsl
curl                            
wget                            

Aka, we need libpsl to upgrade curl, but we need a recent curl to retrieve libpsl (because libpsl needs to retrieve publicsuffix.zip from github in Portfile:post-extract)

My Suggestion: Please get rid of that post-extract curl, just include a copy of the most recent publicsuffix with the distribution, and put updating publicsuffix in a port on it's own. (see below)

*Description*

When trying to install libpsl @0.19.1_1 (net)

with macports version 2.4.2, on OSX Tiger or Leopard

  • curl needs libpsl
  • libpsl needs a recent curl

REASON:

curl fails to fetch:

https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip

WORKAROUND:

  • download the publicsuffix file manually. Modify the Portfile to use that

SUGGESTED FIX:

  • provide the most recent publicsuffix file with libpsl
  • extract publicsuffix into a separate port (like ca-certs)
  • update publicsuffix upon successful curl/wget upgrade
  • develop cron-publicsuffix-update for regular updates

---

*Details*

# port install libpsl

Error: Failed to extract libpsl: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

which boils down to libpsl/Portfile:post-extract:

# /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/libpsl/Portfile

set psl_data_dir        ${workpath}
set psl_data_commit     85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
set psl_data_archive    ${psl_data_commit}.zip
set psl_data_url        https://github.com/publicsuffix/list/archive

post-extract {
    curl fetch ${psl_data_url}/${psl_data_archive} ${psl_data_dir}/${psl_data_archive}
# [...]

Looks like the Tiger/Leopard /usr/bin/curl can't talk with github anymore:

# /usr/bin/curl https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

wget [wget @1.19.2_1+ssl (active)] from my modern machine shows this:

% wget -S https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
--2017-12-12 23:38:41--  https://github.com/publicsuffix/list/archive/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
Loaded CA certificate '/opt/local/share/curl/curl-ca-bundle.crt'
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 302 Found
  Server: GitHub.com
  Date: Tue, 12 Dec 2017 22:38:42 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Status: 302 Found
  Cache-Control: no-cache
  Vary: X-PJAX
  Location: https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
  X-UA-Compatible: IE=Edge,chrome=1
  Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sat, 12 Dec 2037 22:38:42 -0000; secure; HttpOnly
  Set-Cookie: _gh_sess=eyJzZXNzaW9uX2lkIjoiZDVmNzg3N2ZkYWFjNjllOGFjYzUwODcyMTg0MzRlYTMiLCJsYXN0X3JlYWRfZnJvbV9yZXBsaWNhcyI6MTUxMzExODMyMjQxMCwic3B5X3JlcG8iOiJwdWJsaWNzdWZmaXgvbGlzdCIsInNweV9yZXBvX2F0IjoxNTEzMTE4MzIyfQ%3D%3D--3b45a9b275a488371002dacfb72fc5b8331cfc04; path=/; secure; HttpOnly
  X-Request-Id: cd69a52b401706e5ddb74a66c4a68e6d
  X-Runtime: 0.061032
  Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
  Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
  Public-Key-Pins: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains
  X-Content-Type-Options: nosniff
  X-Frame-Options: deny
  X-XSS-Protection: 1; mode=block
  X-Runtime-rack: 0.067516
  X-GitHub-Request-Id: B669:4A62:13804D6:27CC5CA:5A305A72
Location: https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3 [following]
--2017-12-12 23:38:42--  https://codeload.github.com/publicsuffix/list/zip/85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 200 OK
  Content-Length: 94969
  Access-Control-Allow-Origin: https://render.githubusercontent.com
  Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
  Strict-Transport-Security: max-age=31536000
  Vary: Authorization,Accept-Encoding
  X-Content-Type-Options: nosniff
  X-Frame-Options: deny
  X-XSS-Protection: 1; mode=block
  ETag: "85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3"
  Content-Type: application/zip
  Content-Disposition: attachment; filename=list-85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip
  X-Geo-Block-List: 
  Date: Tue, 12 Dec 2017 22:38:43 GMT
  X-GitHub-Request-Id: 8463:0363:7C351:B0125:5A305A73
Length: 94969 (93K) [application/zip]
Saving to: '85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1'

85fa8fbdf73a0f2fcf5 100%[===================>]  92.74K   276KB/s    in 0.3s    

2017-12-12 23:38:43 (276 KB/s) - '85fa8fbdf73a0f2fcf5f4790c204394557dfbaf3.zip.1' saved [94969/94969]

Change History (3)

comment:1 Changed 7 years ago by mf2k (Frank Schima)

Priority: HighNormal

The Priority field is for use by Macports team members only.

comment:2 Changed 7 years ago by mf2k (Frank Schima)

Keywords: libpsl curl wget upgrade removed
Owner: set to dbevans
Status: newassigned

In the future, please Cc the port maintainers.

Last edited 7 years ago by mf2k (Frank Schima) (previous) (diff)

comment:3 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: duplicate
Status: assignedclosed

Duplicate of #55440.

Note: See TracTickets for help on using tickets.