Opened 3 years ago
Last modified 17 months ago
#64143 new defect
memesuite: distfile mirroring fails
Reported by: | mascguy (Christopher Nielsen) | Owned by: | admin@… |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | server/hosting | Version: | 2.7.1 |
Keywords: | mirror | Cc: | |
Port: | memesuite |
Description
Mirroring of this port's distfiles appear to be failing everywhere, due to SSL cert chain errors.
Here's one example, for the Big Sur ARM mirror job:
https://build.macports.org/builders/jobs-mirror/builds/339899/steps/mirror/logs/stdio
---> Attempting to fetch meme-5.4.1.tar.gz from https://meme-suite.org/meme/meme-software/5.4.1 Error: Failed to mirror memesuite: SSL certificate problem: Invalid certificate chain Error: See /opt/local/var/buildmaster/build/prefix/var/macports/logs/_opt_local_var_buildworker_jobs_jobs-mirror_build_ports_science_memesuite/memesuite/main.log for details.
As a side-effect of the mirror failure, the buildbots attempt to fetch the distfiles from upstream. But this fails on 10.11 and earlier, with the same SSL issue:
---> Attempting to fetch meme-5.4.1.tar.gz from https://meme-suite.org/meme/meme-software/5.4.1 Error: Failed to fetch memesuite: SSL certificate problem: Invalid certificate chain
Change History (8)
comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)
Summary: | memsuite: distfile mirroring fails → memesuite: distfile mirroring fails |
---|
comment:2 follow-up: 3 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)
comment:3 follow-up: 4 Changed 3 years ago by mascguy (Christopher Nielsen)
Replying to ryandesign:
Sure. Add a
master_sites
to the port that has less-restictive SSL settings.
If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?
comment:4 follow-up: 5 Changed 3 years ago by mascguy (Christopher Nielsen)
Replying to mascguy:
Replying to ryandesign:
Sure. Add a
master_sites
to the port that has less-restictive SSL settings.If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?
FYI, I spent a few minutes looking for mirrors of upstream, without finding any obvious alternatives. But didn't spend much time on it, so there's a good chance that there's something else out there.
But if we ultimately find that there isn't another site, are there any workarounds - even if less-than-ideal - which we might want to employ for this port?
comment:5 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)
Replying to mascguy:
If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?
Because the mirror process happens on a machine running 10.11.
Replying to mascguy:
But if we ultimately find that there isn't another site, are there any workarounds - even if less-than-ideal - which we might want to employ for this port?
The workaround would be for me to manually fetch the file and put it on the server. I can do that in an emergency but I don't want to sign up for that duty long-term for each port update.
comment:6 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)
I didn't see another source for it either. I mirrored it manually.
comment:7 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)
I mirrored meme-5.5.1.tar.gz manually.
comment:8 Changed 17 months ago by ryandesign (Ryan Carsten Schmidt)
I mirrored meme-5.5.2.tar.gz and meme-5.5.3.tar.gz manually.
Sure. Add a
master_sites
to the port that has less-restictive SSL settings.