Opened 3 years ago

Last modified 17 months ago

#64143 new defect

memesuite: distfile mirroring fails

Reported by: mascguy (Christopher Nielsen) Owned by: admin@…
Priority: Normal Milestone:
Component: server/hosting Version: 2.7.1
Keywords: mirror Cc:
Port: memesuite

Description

Mirroring of this port's distfiles appear to be failing everywhere, due to SSL cert chain errors.

Here's one example, for the Big Sur ARM mirror job:

https://build.macports.org/builders/jobs-mirror/builds/339899/steps/mirror/logs/stdio

--->  Attempting to fetch meme-5.4.1.tar.gz from https://meme-suite.org/meme/meme-software/5.4.1
Error: Failed to mirror memesuite: SSL certificate problem: Invalid certificate chain
Error: See /opt/local/var/buildmaster/build/prefix/var/macports/logs/_opt_local_var_buildworker_jobs_jobs-mirror_build_ports_science_memesuite/memesuite/main.log for details.

As a side-effect of the mirror failure, the buildbots attempt to fetch the distfiles from upstream. But this fails on 10.11 and earlier, with the same SSL issue:

https://build.macports.org/builders/ports-10.11_x86_64-builder/builds/163022/steps/install-port/logs/stdio

--->  Attempting to fetch meme-5.4.1.tar.gz from https://meme-suite.org/meme/meme-software/5.4.1
Error: Failed to fetch memesuite: SSL certificate problem: Invalid certificate chain

https://ports.macports.org/port/memesuite/builds/

Change History (8)

comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)

Summary: memsuite: distfile mirroring failsmemesuite: distfile mirroring fails

comment:2 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

Sure. Add a master_sites to the port that has less-restictive SSL settings.

comment:3 in reply to:  2 ; Changed 3 years ago by mascguy (Christopher Nielsen)

Replying to ryandesign:

Sure. Add a master_sites to the port that has less-restictive SSL settings.

If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?

comment:4 in reply to:  3 ; Changed 3 years ago by mascguy (Christopher Nielsen)

Replying to mascguy:

Replying to ryandesign:

Sure. Add a master_sites to the port that has less-restictive SSL settings.

If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?

FYI, I spent a few minutes looking for mirrors of upstream, without finding any obvious alternatives. But didn't spend much time on it, so there's a good chance that there's something else out there.

But if we ultimately find that there isn't another site, are there any workarounds - even if less-than-ideal - which we might want to employ for this port?

Last edited 3 years ago by mascguy (Christopher Nielsen) (previous) (diff)

comment:5 in reply to:  4 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

Replying to mascguy:

If the SSL on the upstream site is "too restrictive," why do fetches succeed within the build jobs (at least for 10.12 and later), but not for the mirror processes?

Because the mirror process happens on a machine running 10.11.

Replying to mascguy:

But if we ultimately find that there isn't another site, are there any workarounds - even if less-than-ideal - which we might want to employ for this port?

The workaround would be for me to manually fetch the file and put it on the server. I can do that in an emergency but I don't want to sign up for that duty long-term for each port update.

comment:6 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

I didn't see another source for it either. I mirrored it manually.

comment:7 Changed 21 months ago by ryandesign (Ryan Carsten Schmidt)

I mirrored meme-5.5.1.tar.gz manually.

comment:8 Changed 17 months ago by ryandesign (Ryan Carsten Schmidt)

I mirrored meme-5.5.2.tar.gz and meme-5.5.3.tar.gz manually.

Note: See TracTickets for help on using tickets.