Opened 10 years ago

Closed 10 years ago

#43172 closed defect (fixed)

distfiles are not being mirrored

Reported by: ballapete (Peter "Pete" Dyballa)
Owned by: skarulkar@…
Priority: High
Milestone:
Component: server/hosting
Version:
Keywords:
Cc: jmroot (Joshua Root), wsiegrist@…, cooljeanius (Eric Gallager), GregoryEAllen (Greg Allen), ryandesign (Ryan Carsten Schmidt), mojca (Mojca Miklavec), rico.nitrate@…, edwardmoon (Edward Moon), MarcusCalhoun-Lopez (Marcus Calhoun-Lopez), petrrr
Port:

Description

DEBUG: Executing org.macports.fetch (py27-setuptools)
--->  setuptools-3.4.1.tar.gz doesn't seem to exist in /opt/local/var/macports/distfiles/py-setuptools
--->  Attempting to fetch setuptools-3.4.1.tar.gz from https://pypi.python.org/packages/source/s/setuptools/

DEBUG: Fetching distfile failed: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
--->  Attempting to fetch setuptools-3.4.1.tar.gz from http://distfiles.macports.org/py-setuptools

Attachments (1)

main.log (5.4 KB) - added by ballapete (Peter "Pete" Dyballa) 10 years ago.

Change History (20)

Changed 10 years ago by ballapete (Peter "Pete" Dyballa)

Attachment: main.log added


comment:1 Changed 10 years ago by mf2k (Frank Schima)

Cc: jmr@… removed
Owner: changed from macports-tickets@… to jmr@…

comment:2 Changed 10 years ago by jmroot (Joshua Root)

Component: ports → server/hosting
Summary: Build of py27-setuptools fails on PPC Mac OS X 10.5.8 because of "certificate verify failed" → py-setuptools distfiles are not being mirrored
Version: 2.2.1

We can’t update your certificate store, but the file should be downloaded onto the mirrors.

comment:3 Changed 10 years ago by jmroot (Joshua Root)

Cc: jmr@… wsiegrist@… added
Owner: changed from jmr@… to skarulkar@…

comment:4 in reply to:  2 ; Changed 10 years ago by ballapete (Peter "Pete" Dyballa)

Replying to jmr@…:

We can’t update your certificate store, but the file should be downloaded onto the mirrors.

What is my "certificate store"? I know of AppStore…

comment:5 in reply to:  4 Changed 10 years ago by jmroot (Joshua Root)

Replying to Peter_Dyballa@…:

What is my "certificate store"?

That’s a bit of jargon, from the X.509 standard I believe. The short answer is it’s a set of stored certificates. In this case, specifically the set of root certificates that Apple designated as trustworthy and shipped with the OS (you can see them in Keychain Access under “System Roots” or similar name). Since Leopard is no longer getting updates, new root certificates are not being added, and apparently pypi is using a certificate signed by one such newer root certificate.


comment:6 Changed 10 years ago by spam@…

I also was having this problem, my workaround was to download https://pypi.python.org/packages/source/s/setuptools/setuptools-3.4.1.tar.gz and place it in /opt/local/var/macports/distfiles/py-setuptools/

I did this through another computer, but you could have done it through curl or wget. I think curl may need curl-ca-bundle installed to get the right "certificate store" to be able to be used, and wget may need to reference that ca-bundle.

comment:7 in reply to:  6 Changed 10 years ago by potmj (Michael Pot)

Replying to spam@…:

Thanks for the pointer, spam
"sudo curl -k -O https://pypi.python.org/packages/source/s/setuptools/setuptools-3.4.1.tar.gz"
worked for me

comment:8 Changed 10 years ago by ned-deily (Ned Deily)

On 10.5 Leopard, it looks like MacPorts base uses the system curl to download packages. Its certificate bundle is in /usr/share/curl and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the curl port installed:

sudo sh
cd /usr/share/curl
cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt
cp -p /opt/local/share/curl/curl-ca-bundle.crt .
exit

Your mileage may vary!
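
A guarded form of the bundle swap from comment 8, added here as an example (it is not part of the ticket or of MacPorts). The function names are hypothetical; the backup file name follows the one used in the comment, and the demo bundles are constructed placeholders rather than real certificates.

```shell
#!/bin/sh
# Added example: CA bundle swap that keeps the first backup and rejects empty input.
# Page paths: system bundle /usr/share/curl/curl-ca-bundle.crt,
#             replacement   /opt/local/share/curl/curl-ca-bundle.crt

# Count PEM certificate blocks in a file (0 if the file is missing or empty).
count_certs() {
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || n=0
    echo "$n"
}

# swap_bundle SYSTEM_BUNDLE NEW_BUNDLE
swap_bundle() {
    sys=$1 new=$2
    backup="${sys%.crt}-out-of-date-system-backup.crt"
    [ -f "$sys" ] || { echo "no system bundle at $sys" >&2; return 1; }
    old_n=$(count_certs "$sys")
    new_n=$(count_certs "$new")
    # An empty or non-PEM replacement would leave curl trusting nothing.
    [ "$new_n" -gt 0 ] || { echo "$new holds no PEM certificates" >&2; return 2; }
    # Back up only once: a second run must not overwrite the original
    # system bundle with the already-replaced file.
    if [ ! -e "$backup" ]; then cp -p "$sys" "$backup" || return 3; fi
    # Copy next to the target, then rename, so the live file is never partial.
    tmp="$sys.new.$$"
    cp -p "$new" "$tmp" && mv -f "$tmp" "$sys" || { rm -f "$tmp"; return 4; }
    echo "replaced $sys: $old_n -> $new_n certificates; original kept at $backup"
}

# restore_bundle SYSTEM_BUNDLE: put the original system bundle back.
restore_bundle() {
    sys=$1
    backup="${sys%.crt}-out-of-date-system-backup.crt"
    [ -f "$backup" ] || { echo "no backup at $backup" >&2; return 1; }
    cp -p "$backup" "$sys"
}

# Constructed demo: one-block "system" bundle, two-block replacement, swap run twice.
demo_swap() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/curl-ca-bundle.crt"
    cat "$d/curl-ca-bundle.crt" "$d/curl-ca-bundle.crt" > "$d/new.crt"
    swap_bundle "$d/curl-ca-bundle.crt" "$d/new.crt" >/dev/null &&
    swap_bundle "$d/curl-ca-bundle.crt" "$d/new.crt" >/dev/null
    echo "live=$(count_certs "$d/curl-ca-bundle.crt") backup=$(count_certs \
        "$d/curl-ca-bundle-out-of-date-system-backup.crt")"
    rm -rf "$d"
}
```

Against the paths named in the comment this would be run as root: `swap_bundle /usr/share/curl/curl-ca-bundle.crt /opt/local/share/curl/curl-ca-bundle.crt`.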

comment:9 in reply to:  8 Changed 10 years ago by joaogeada (Joao Geada)

Thanks, that fixed it for me.

comment:10 Changed 10 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:11 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Has duplicate #43307.

We also have #43180 tracking the general distfile mirroring problem.

comment:12 Changed 10 years ago by jmroot (Joshua Root)

Summary: py-setuptools distfiles are not being mirrored → distfiles are not being mirrored

comment:13 Changed 10 years ago by jmroot (Joshua Root)

Cc: GregoryEAllen@… ryandesign@… mojca@… rico.nitrate@… edwardsmoon@… mcalhoun@… added
Port: py-setuptools removed

comment:14 in reply to:  8 ; Changed 10 years ago by cooljeanius (Eric Gallager)

Replying to nad@…:

On 10.5 Leopard, it looks like MacPorts base uses the system curl to download packages. Its certificate bundle is in /usr/share/curl and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the curl port installed:

sudo sh
cd /usr/share/curl
cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt
cp -p /opt/local/share/curl/curl-ca-bundle.crt .
exit

Your mileage may vary!

I was running into this issue on my PureDarwin vm the other day, because PureDarwin is based off of 10.5 Leopard, so it has the same system curl and curl certificate bundle (the bundle may look like it is newer, but that is only because the vm image was built more recently), and I can confirm that the fix mentioned here worked on that vm, too.

comment:15 Changed 10 years ago by petrrr

Cc: Peter.Danecek@… added

Cc Me!

comment:16 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Priority: Normal → High

comment:17 in reply to:  14 ; Changed 10 years ago by ballapete (Peter "Pete" Dyballa)

Replying to egall@…:

Replying to nad@…:

On 10.5 Leopard, it looks like MacPorts base uses the system curl to download packages. Its certificate bundle is in /usr/share/curl and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the curl port installed:

sudo sh
cd /usr/share/curl
cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt
cp -p /opt/local/share/curl/curl-ca-bundle.crt .
exit

For me this fixes all reported issues.

What keeps me wondering is why I have a superfluous MacPorts curl installation which does not get used …

comment:18 in reply to:  17 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Replying to Peter_Dyballa@…:

Replying to egall@…:

Replying to nad@…:

On 10.5 Leopard, it looks like MacPorts base uses the system curl to download packages. Its certificate bundle is in /usr/share/curl and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the curl port installed:

sudo sh
cd /usr/share/curl
cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt
cp -p /opt/local/share/curl/curl-ca-bundle.crt .
exit

For me this fixes all reported issues.

It doesn't fix the fact that our distfiles mirror hasn't been mirroring our distfiles since March; our server admins need to figure out what's causing that and fix it.

What keeps me wondering is why I have a superfluous MacPorts curl installation which does not get used …

The command "port installed depends:curl" will show which of your installed ports depend on curl. If there aren't any, you can of course uninstall curl.

MacPorts doesn't generally itself use the ports you installed because that can cause problems during upgrades, or if for any other reason that port becomes unusable.

comment:19 Changed 10 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: new → closed

It seems distfile mirroring started working again 23-Apr-2014 07:38, e.g. for the wireshark port.
