> On Feb 10, 2017, at 18:04, Kastus Shchuka <kas...@tprfct.net> wrote: > > On Fri, Feb 10, 2017 at 10:13:35AM -0600, Ryan Schmidt wrote: >> >>> On Feb 10, 2017, at 08:05, Rainer Müller <rai...@macports.org> wrote: >>> >>> On 2017-02-10 03:18, Kastus Shchuka wrote: >>>> I am trying to upgrade libressl (2.4.5), and as binary package is not >>>> available yet, port command attempts to build from source but fails >>>> to retrieve distfile. I am seeing 404 error from all mirrors, and >>>> from openbsd.org site I am getting this error: >>>> >>>> :notice:fetch ---> Attempting to fetch libressl-2.4.5.tar.gz from >>>> https://ftp.openbsd.org/pub/OpenBSD/LibreSSL :debug:fetch Fetching >>>> distfile failed: SSL peer handshake failed, the server most likely >>>> requires a client certificate to connect >>>> >>>> I can download the file manually with curl command, it recognizes >>>> let’s encrypt certificate just fine. I wonder what command does port >>>> uses for download? >>> >>> MacPorts uses libcurl from the system. You probably used curl installed >>> from MacPorts which would also use a SSL library from MacPorts. Try to >>> replicate the problem with /usr/bin/curl. >>> >>> This server supports only TLS 1.2, and many more servers are abolishing >>> older TLS versions for good reasons. If you are using a macOS version >>> equal or older than 10.7, the SecureTransport/OpenSSL library versions >>> do not yet support TLS 1.2 and any attempt to connect will fail. >>> >>> https://trac.macports.org/ticket/51516 >>> >>> On top of this, distfiles mirroring is known to be broken since we >>> migrated away from macOS forge. >>> >>> https://trac.macports.org/ticket/53347 >> >> I've manually added the file to our mirrors. >> > > Thanks a lot, Ryan! Now port command successfully downloaded the dist file: > > $ sudo port upgrade -d libressl > ---> Fetching distfiles for libressl > ---> Attempting to fetch libressl-2.4.5.tar.gz from > https://distfiles.macports.org/libressl > ---> Verifying checksums for libressl > > ---> Extracting libressl > ---> Applying patches to libressl > ---> Configuring libressl > ---> Building libressl > ---> Staging libressl into destroot > ---> Installing libressl @2.4.5_0 > ---> Cleaning libressl > ---> Deactivating libressl @2.4.4_1 > ---> Cleaning libressl > ---> Activating libressl @2.4.5_0 > ---> Cleaning libressl > ---> Updating database of binaries > ---> Scanning binaries for linking errors > ---> No broken files found. > > I know, it is chicken and an egg problem, but would it be possible to rebuild > port with libcurl > from the port?
I don't think that's a good idea. We should instead concentrate on getting our automated distfile mirroring back online so that it's not a problem anymore.
