[MacPorts] #43172: Build of py27-setuptools fails on PPC Mac OS X 10.5.8 because of "certificate verify failed"
#43172: Build of py27-setuptools fails on PPC Mac OS X 10.5.8 because of "certificate verify failed" -----------------------------+-------------------------------- Reporter: Peter_Dyballa@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Keywords: | Port: py-setuptools -----------------------------+-------------------------------- {{{ DEBUG: Executing org.macports.fetch (py27-setuptools) ---> setuptools-3.4.1.tar.gz doesn't seem to exist in /opt/local/var/macports/distfiles/py-setuptools ---> Attempting to fetch setuptools-3.4.1.tar.gz from https://pypi.python.org/packages/source/s/setuptools/ DEBUG: Fetching distfile failed: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed ---> Attempting to fetch setuptools-3.4.1.tar.gz from http://distfiles.macports.org/py-setuptools }}} -- Ticket URL: <https://trac.macports.org/ticket/43172> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: Build of py27-setuptools fails on PPC Mac OS X 10.5.8 because of "certificate verify failed" ------------------------------+------------------- Reporter: Peter_Dyballa@… | Owner: jmr@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------- Changes (by macsforever2000@…): * cc: jmr@… (removed) * owner: macports-tickets@… => jmr@… -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:1> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------- Reporter: Peter_Dyballa@… | Owner: jmr@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------- Changes (by jmr@…): * version: 2.2.1 => * component: ports => server/hosting Comment: We can’t update your certificate store, but the file should be downloaded onto the mirrors. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:2> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Changes (by jmr@…): * owner: jmr@… => skarulkar@… * cc: jmr@…, wsiegrist@… (added) -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:3> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by Peter_Dyballa@…): Replying to [comment:2 jmr@…]:
We can’t update your certificate store, but the file should be downloaded onto the mirrors.
What is my "certificate store"? I know of AppStore… -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:4> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by jmr@…): Replying to [comment:4 Peter_Dyballa@…]:
What is my "certificate store”?
That’s a bit of jargon, from the X.509 standard I believe. The short answer is it’s a set of stored certificates. In this case, specifically the set of root certificates that Apple designated as trustworthy and shipped with the OS (you can see them in Keychain Access under “System Roots” or similar name). Since Leopard is not longer getting updates, new root certificates are not being added, and apparently pypi is using a certificate signed by one such newer root certificate. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:5> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by spam@…): I also was having this problem, my workaround was to download https://pypi.python.org/packages/source/s/setuptools/setuptools-3.4.1.tar.gz and place it in /opt/local/var/macports/distfiles/py-setuptools/ I did this through another computer, but you could have done it through curl or wget. I think curl may need curl-ca-bundle installed to get the right "certificate store" to be able to be used, and wget may need to reference that ca-bundle. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:6> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by fmw@…): Replying to [comment:6 spam@…]: Thanks for the pointer, spam[[BR]] "sudo curl -k -O https://pypi.python.org/packages/source/s/setuptools/setuptools-3.4.1.tar.gz" [[BR]] worked for me -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:7> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by nad@…): On 10.5 Leopard, it looks like MacPorts base uses the system `curl` to download packages. Its certificate bundle is in `/usr/share/curl` and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the `curl` port installed: {{{ sudo sh cd /usr/share/curl cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt cp -p /opt/local/share/curl/curl-ca-bundle.crt . exit }}} Your mileage may vary! -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:8> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by joao@…): Thanks, that fixed it for me. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:9> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: py-setuptools distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- Comment (by ryandesign@…): Has duplicate #43307. We also have #43180 tracking the general distfile mirroring problem. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:11> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: py-setuptools | ------------------------------+------------------------- -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:12> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | ------------------------------+------------------------- Changes (by jmr@…): * cc: GregoryEAllen@…, ryandesign@…, mojca@…, rico.nitrate@…, edwardsmoon@…, mcalhoun@… (added) * port: py-setuptools => -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:13> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: Normal | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | ------------------------------+------------------------- Comment (by egall@…): Replying to [comment:8 nad@…]:
On 10.5 Leopard, it looks like MacPorts base uses the system `curl` to download packages. Its certificate bundle is in `/usr/share/curl` and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the `curl` port installed:
{{{ sudo sh cd /usr/share/curl cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt cp -p /opt/local/share/curl/curl-ca-bundle.crt . exit }}}
Your mileage may vary!
I was running into this issue on my PureDarwin vm the other day, because PureDarwin is based off of 10.5 Leopard, so it has the same system `curl` and curl certificate bundle ^(the bundle may look like it is newer, but that is only because the vm image was built more recently)^, and I can confirm that the fix mentioned here worked on that vm, too. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:14> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | ------------------------------+------------------------- Changes (by ryandesign@…): * priority: Normal => High -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:16> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | ------------------------------+------------------------- Comment (by Peter_Dyballa@…): Replying to [comment:14 egall@…]:
Replying to [comment:8 nad@…]:
On 10.5 Leopard, it looks like MacPorts base uses the system `curl` to download packages. Its certificate bundle is in `/usr/share/curl` and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the `curl` port installed:
{{{ sudo sh cd /usr/share/curl cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system-backup.crt cp -p /opt/local/share/curl/curl-ca-bundle.crt . exit }}}
For me this fixes all reported issues.
What keeps me wondering is why I have a superfluous MacPorts curl installation which does not get used … -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:17> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | ------------------------------+------------------------- Comment (by ryandesign@…): Replying to [comment:17 Peter_Dyballa@…]:
Replying to [comment:14 egall@…]:
Replying to [comment:8 nad@…]:
On 10.5 Leopard, it looks like MacPorts base uses the system `curl` to download packages. Its certificate bundle is in `/usr/share/curl` and was last updated in 2007. What worked for me was to replace it with a copy of the MacPorts one assuming you have the `curl` port installed:
{{{ sudo sh cd /usr/share/curl cp -p curl-ca-bundle.crt curl-ca-bundle-out-of-date-system- backup.crt cp -p /opt/local/share/curl/curl-ca-bundle.crt . exit }}}
For me this fixes all reported issues.
It doesn't fix the fact that our distfiles mirror hasn't been mirroring our distfiles since March; our server admins need to figure out what's causing that and fix it.
What keeps me wondering is why I have a superfluous MacPorts curl installation which does not get used …
The command "`port installed depends:curl`" will show which of your installed ports depend on curl. If there aren't any, you can of course uninstall curl. MacPorts doesn't generally itself use the ports you installed because that can cause problems during upgrades, or if for any other reason that port becomes unusable. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:18> MacPorts <http://www.macports.org/> Ports system for OS X
#43172: distfiles are not being mirrored ------------------------------+------------------------- Reporter: Peter_Dyballa@… | Owner: skarulkar@… Type: defect | Status: closed Priority: High | Milestone: Component: server/hosting | Version: Resolution: fixed | Keywords: Port: | ------------------------------+------------------------- Changes (by cal@…): * status: new => closed * resolution: => fixed Comment: It seems distfile mirroring started working again 23-Apr-2014 07:38, e.g. for the wireshark port. -- Ticket URL: <https://trac.macports.org/ticket/43172#comment:19> MacPorts <http://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts