#64081 closed defect (duplicate)
Can't fetch anything from github on old macOS
| Reported by: | catap (Kirill A. Korinsky) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | mascguy (Christopher Nielsen) | |
| Port: |
Description
For example when I've tried to fetch any port from github, I can't do it.
---> Attempting to fetch ogre-13.2.0.tar.gz from https://codeload.github.com/OGRECave/ogre/tar.gz/refs/tags/v13.2.0?dummy=
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Change History (14)
comment:1 Changed 2 years ago by mascguy (Christopher Nielsen)
| Cc: | mascguy added |
|---|
comment:2 Changed 2 years ago by mascguy (Christopher Nielsen)
comment:3 Changed 2 years ago by catap (Kirill A. Korinsky)
I can't because error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version means that remote server things that my SSL settings too weak. I can't do anything except of suggest to use different version of curl here.
Do you know how I can suggest port to use /opt/loca/bin/curl?
comment:4 Changed 2 years ago by mascguy (Christopher Nielsen)
Can you test with fetch.ignore_sslcert=yes, to see if it works?
comment:5 Changed 2 years ago by kencu (Ken)
see this ticket from 5 long years ago, in particular this post for a quickie fix and the one I made below it about /opt/bootstrap for a resiliant fix.
comment:6 Changed 2 years ago by catap (Kirill A. Korinsky)
Christopher I did and it doesn't change anything because fetch.ignore_sslcert adds curl level option which is irrelevant here :(
comment:7 Changed 2 years ago by catap (Kirill A. Korinsky)
So, here is no a magic env variable which I can define to suggest which curl should I use to fetch something? Maybe it isn't so bad idea to add?
comment:10 Changed 2 years ago by kencu (Ken)
macports does not use the curl binary, so setting it somehow is pointless
comment:11 Changed 2 years ago by catap (Kirill A. Korinsky)
Ken, I don't think that rebuild macports from scratch is a way solve an issue. Right now distributed version of MacPorts contains this issue.
comment:12 Changed 2 years ago by mascguy (Christopher Nielsen)
If you're simply trying to test a new/updated port, prior to PR submission, you can also workaround the issue by manually downloading the source archive.
Then copy it to ${prefix}/var/macports/distfiles/port_name/.
Note that port_name may vary a bit, and is specified via dist_subdir. Most ports use the default though, which is ${name}.
comment:13 Changed 2 years ago by kencu (Ken)
it's the ONLY way to solve the issue.
MacPorts refuses to bundle curl so far.
Please discuss further in the referenced ticket, which everyone follows for this problem, rather than here, which is duplicating everything needlesly
comment:14 Changed 2 years ago by kencu (Ken)
it takes 4 minutes to do....I have timed it.
It is not ideal, but it is quick and simple.
Please add your opinion to those who want to see curl bundled in #51516 I suggest, if you would like a more comprehensive fix.
While you ultimately may need to update your system root certs (and/or CAs), you can workaround the issue via the following MacPorts args:
archivefetch.ignore_sslcert=yesfetch.ignore_sslcert=yesSimilarly, when dealing with SSL errors for a livecheck, you can use:
livecheck.ignore_sslcert=yes