GNOME Bugzilla – Bug 777217
osx: curl fails to download nettle tarball from https://ftp.gnu.org without certification
Last modified: 2017-01-13 20:21:57 UTC
Created attachment 343431 [details] [review] nettle: use http instead of https tarball location On OSX, tarball downloads are handled by curl using insecure downloads (using the "-k" parameter). However, downloading nettle tarballs from the https resource fails with an error: curl -k -L https://ftp.gnu.org/gnu/nettle/nettle-3.3.tar.gz -o ~/nettle-3.3.tar.gz curl: (56) SSLRead() return error -9841 This currently breaks the build on OSX. Note that on Linux the same command would work. Using secure downloads by omitting the "-k" would also work on OSX. So one solution would be to simply turn on secure downloads for all dependencies on OSX, and hope for the best. Another option to solve this, is to simply use http instead of https for nettle. All other recipes currently downloading from gtp.gnu.org are downloading over http, if I'm not mistaken. I have therefore attached the patch for the latter workaround.
Comment on attachment 343431 [details] [review] nettle: use http instead of https tarball location Yes, and in addition we should have checksums for the tarballs embedded into the recipes. Which is on the todo list since a long time now and we should really get to that.
commit d2f5da3b955d04a76781f6de31f5f15a2447a2d5 Author: Heinrich Fink <hfink@toolsonair.com> Date: Fri Jan 13 14:51:57 2017 +0100 nettle: Use http instead of https to download tarballs On OSX curl would otherwise fail to download from https://ftp.gnu.org with its current default behavior of performing insecure downloads. https://bugzilla.gnome.org/show_bug.cgi?id=777217