Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#64081 closed defect (duplicate)

Can't fetch anything from github on old macOS

Reported by: catap (Kirill A. Korinsky) Owned by:
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: mascguy (Christopher Nielsen)
Port:

Description

For example when I've tried to fetch any port from github, I can't do it.

--->  Attempting to fetch ogre-13.2.0.tar.gz from https://codeload.github.com/OGRECave/ogre/tar.gz/refs/tags/v13.2.0?dummy=

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Change History (14)

comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:2 Changed 3 years ago by mascguy (Christopher Nielsen)

While you ultimately may need to update your system root certs (and/or CAs), you can workaround the issue via the following MacPorts args:

  • archivefetch.ignore_sslcert=yes
  • fetch.ignore_sslcert=yes

Similarly, when dealing with SSL errors for a livecheck, you can use:

  • livecheck.ignore_sslcert=yes
Last edited 3 years ago by mascguy (Christopher Nielsen) (previous) (diff)

comment:3 Changed 3 years ago by catap (Kirill A. Korinsky)

I can't because error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version means that remote server things that my SSL settings too weak. I can't do anything except of suggest to use different version of curl here.

Do you know how I can suggest port to use /opt/loca/bin/curl?

comment:4 Changed 3 years ago by mascguy (Christopher Nielsen)

Can you test with fetch.ignore_sslcert=yes, to see if it works?

comment:5 Changed 3 years ago by kencu (Ken)

see this ticket from 5 long years ago, in particular this post for a quickie fix and the one I made below it about /opt/bootstrap for a resiliant fix.

https://trac.macports.org/ticket/51516#comment:19

comment:6 Changed 3 years ago by catap (Kirill A. Korinsky)

Christopher I did and it doesn't change anything because fetch.ignore_sslcert adds curl level option which is irrelevant here :(

comment:7 Changed 3 years ago by catap (Kirill A. Korinsky)

So, here is no a magic env variable which I can define to suggest which curl should I use to fetch something? Maybe it isn't so bad idea to add?

comment:8 Changed 3 years ago by kencu (Ken)

do what I suggested, your problems are solved

comment:9 Changed 3 years ago by kencu (Ken)

Resolution: duplicate
Status: newclosed

comment:10 Changed 3 years ago by kencu (Ken)

macports does not use the curl binary, so setting it somehow is pointless

comment:11 Changed 3 years ago by catap (Kirill A. Korinsky)

Ken, I don't think that rebuild macports from scratch is a way solve an issue. Right now distributed version of MacPorts contains this issue.

comment:12 Changed 3 years ago by mascguy (Christopher Nielsen)

If you're simply trying to test a new/updated port, prior to PR submission, you can also workaround the issue by manually downloading the source archive.

Then copy it to ${prefix}/var/macports/distfiles/port_name/.

Note that port_name may vary a bit, and is specified via dist_subdir. Most ports use the default though, which is ${name}.

comment:13 Changed 3 years ago by kencu (Ken)

it's the ONLY way to solve the issue.

MacPorts refuses to bundle curl so far.

Please discuss further in the referenced ticket, which everyone follows for this problem, rather than here, which is duplicating everything needlesly

Version 1, edited 3 years ago by kencu (Ken) (previous) (next) (diff)

comment:14 Changed 3 years ago by kencu (Ken)

it takes 4 minutes to do....I have timed it.

It is not ideal, but it is quick and simple.

Please add your opinion to those who want to see curl bundled in #51516 I suggest, if you would like a more comprehensive fix.

Last edited 3 years ago by kencu (Ken) (previous) (diff)
Note: See TracTickets for help on using tickets.