Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#64081 closed defect (duplicate)

Can't fetch anything from github on old macOS

Reported by: catap (Kirill A. Korinsky) Owned by:
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: mascguy (Christopher Nielsen)
Port:

Description

For example when I've tried to fetch any port from github, I can't do it.

--->  Attempting to fetch ogre-13.2.0.tar.gz from https://codeload.github.com/OGRECave/ogre/tar.gz/refs/tags/v13.2.0?dummy=

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Change History (14)

comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:2 Changed 3 years ago by mascguy (Christopher Nielsen)

While you ultimately may need to update your system root certs (and/or CAs), you can workaround the issue via the following MacPorts args:

  • archivefetch.ignore_sslcert=yes
  • fetch.ignore_sslcert=yes

Similarly, when dealing with SSL errors for a livecheck, you can use:

  • livecheck.ignore_sslcert=yes
Last edited 3 years ago by mascguy (Christopher Nielsen) (previous) (diff)

comment:3 Changed 3 years ago by catap (Kirill A. Korinsky)

I can't because error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version means that remote server things that my SSL settings too weak. I can't do anything except of suggest to use different version of curl here.

Do you know how I can suggest port to use /opt/loca/bin/curl?

comment:4 Changed 3 years ago by mascguy (Christopher Nielsen)

Can you test with fetch.ignore_sslcert=yes, to see if it works?

comment:5 Changed 3 years ago by kencu (Ken)

see this ticket from 5 long years ago, in particular this post for a quickie fix and the one I made below it about /opt/bootstrap for a resiliant fix.

https://trac.macports.org/ticket/51516#comment:19

comment:6 Changed 3 years ago by catap (Kirill A. Korinsky)

Christopher I did and it doesn't change anything because fetch.ignore_sslcert adds curl level option which is irrelevant here :(

comment:7 Changed 3 years ago by catap (Kirill A. Korinsky)

So, here is no a magic env variable which I can define to suggest which curl should I use to fetch something? Maybe it isn't so bad idea to add?

comment:8 Changed 3 years ago by kencu (Ken)

do what I suggested, your problems are solved

comment:9 Changed 3 years ago by kencu (Ken)

Resolution: duplicate
Status: newclosed

comment:10 Changed 3 years ago by kencu (Ken)

macports does not use the curl binary, so setting it somehow is pointless

comment:11 Changed 3 years ago by catap (Kirill A. Korinsky)

Ken, I don't think that rebuild macports from scratch is a way solve an issue. Right now distributed version of MacPorts contains this issue.

comment:12 Changed 3 years ago by mascguy (Christopher Nielsen)

If you're simply trying to test a new/updated port, prior to PR submission, you can also workaround the issue by manually downloading the source archive.

Then copy it to ${prefix}/var/macports/distfiles/port_name/.

Note that port_name may vary a bit, and is specified via dist_subdir. Most ports use the default though, which is ${name}.

comment:13 Changed 3 years ago by kencu (Ken)

it's the ONLY way to solve the issue at present.

MacPorts refuses to bundle curl so far. port might be rewritten to optionally use a libcurl installed by macports if it is available, but that turned out to be a very big project indeed, for many reasons.

Please discuss further in the referenced ticket, which everyone follows for this problem, rather than here, which is duplicating everything needlesly

Last edited 3 years ago by kencu (Ken) (previous) (diff)

comment:14 Changed 3 years ago by kencu (Ken)

it takes 4 minutes to do....I have timed it.

It is not ideal, but it is quick and simple.

Please add your opinion to those who want to see curl bundled in #51516 I suggest, if you would like a more comprehensive fix.

Last edited 3 years ago by kencu (Ken) (previous) (diff)
Note: See TracTickets for help on using tickets.