#64081 closed defect (duplicate)
Can't fetch anything from github on old macOS
| Reported by: | catap (Kirill A. Korinsky) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | mascguy (Christopher Nielsen) | |
| Port: |
Description
For example when I've tried to fetch any port from github, I can't do it.
---> Attempting to fetch ogre-13.2.0.tar.gz from https://codeload.github.com/OGRECave/ogre/tar.gz/refs/tags/v13.2.0?dummy=
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Change History (14)
comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)
| Cc: | mascguy added |
|---|
comment:2 Changed 3 years ago by mascguy (Christopher Nielsen)
comment:3 Changed 3 years ago by catap (Kirill A. Korinsky)
I can't because error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version means that remote server things that my SSL settings too weak. I can't do anything except of suggest to use different version of curl here.
Do you know how I can suggest port to use /opt/loca/bin/curl?
comment:4 Changed 3 years ago by mascguy (Christopher Nielsen)
Can you test with fetch.ignore_sslcert=yes, to see if it works?
comment:5 Changed 3 years ago by kencu (Ken)
see this ticket from 5 long years ago, in particular this post for a quickie fix and the one I made below it about /opt/bootstrap for a resiliant fix.
comment:6 Changed 3 years ago by catap (Kirill A. Korinsky)
Christopher I did and it doesn't change anything because fetch.ignore_sslcert adds curl level option which is irrelevant here :(
comment:7 Changed 3 years ago by catap (Kirill A. Korinsky)
So, here is no a magic env variable which I can define to suggest which curl should I use to fetch something? Maybe it isn't so bad idea to add?
comment:10 Changed 3 years ago by kencu (Ken)
macports does not use the curl binary, so setting it somehow is pointless
comment:11 Changed 3 years ago by catap (Kirill A. Korinsky)
Ken, I don't think that rebuild macports from scratch is a way solve an issue. Right now distributed version of MacPorts contains this issue.
comment:12 Changed 3 years ago by mascguy (Christopher Nielsen)
If you're simply trying to test a new/updated port, prior to PR submission, you can also workaround the issue by manually downloading the source archive.
Then copy it to ${prefix}/var/macports/distfiles/port_name/.
Note that port_name may vary a bit, and is specified via dist_subdir. Most ports use the default though, which is ${name}.
comment:13 Changed 3 years ago by kencu (Ken)
it's the ONLY way to solve the issue at present.
MacPorts refuses to bundle curl so far. port might be rewritten to optionally use a libcurl installed by macports if it is available, but that turned out to be a very big project indeed, for many reasons.
Please discuss further in the referenced ticket, which everyone follows for this problem, rather than here, which is duplicating everything needlesly
comment:14 Changed 3 years ago by kencu (Ken)
it takes 4 minutes to do....I have timed it.
It is not ideal, but it is quick and simple.
Please add your opinion to those who want to see curl bundled in #51516 I suggest, if you would like a more comprehensive fix.
While you ultimately may need to update your system root certs (and/or CAs), you can workaround the issue via the following MacPorts args:
archivefetch.ignore_sslcert=yesfetch.ignore_sslcert=yesSimilarly, when dealing with SSL errors for a livecheck, you can use:
livecheck.ignore_sslcert=yes