On May 23, 2022, at 4:59 PM, Steven Smith <steve.t.sm...@gmail.com> wrote:
>> What has changed between the time that the buildbot built the package and 
>> the time that the user installs it?
> 
> The certs in curl-ca-bundle are updated regularly to clear out expired certs.

Does the existence of expired certs cause problems for privoxy (or does it just 
ignore them?)

> Per the previous discussion, privoxy-pki-bundle uses these certs via a 
> depends_lib, and unless a port revision is added by hand, the port inevitably 
> will contain expired certs.
> 
> The “solution” appears to be to bump the revision of privoxy-pki-bundle by 
> hand whenever curl-ca-bundle is updated. I’m trying to identify a more 
> automated and robust way of accomplishing that.

There's not currently a more automated way of doing this in MacPorts, but there 
could be /or/ there might be another alternative.

- MacPorts could grow a feature by which a port could specify that it needs to 
get rebuilt if something it depends on gets rebuilt (this would probably 
require another identifier along with epoch-version-revision or would require 
some magic behavior with one of the existing versioning numbers)
- privoxy could be modified to be able to use the files as-installed by 
curl-ca-bundle
- privoxy-pki-bundle could install a helper tool that can regen the files as 
needed when curl-ca-bundle files change
- privoxy could be modified to use the macOS Keychain and not need 
curl-ca-bundle

... there are probably other alternatives as well.

So far, when people encounter this problem, there hasn't been enough motivation 
for anyone to build a MacPorts feature to support it (but I'd be happy to see 
one).

-- 
Daniel J. Luke
