I just started a build on a 2011 Macbook Air with Mac OS High Sierra. Fetching of libressl fails with: curl -f -L -O https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.4.tar.gz curl: (60) SSL certificate problem: certificate has expired Given it managed to compile make, sed etc. I'm guessing it's hitting the LetsEncrypt DST Root CA X3 Expiration (September 2021) issue. I just replaced https with http and bumped it to 3.2.7 in the meantime. What's worse, I think, is that the script moves on with this failure and compiles wget without SSL support because libressl doesn't exist. When it tries to download xz, even though the URI is http, the upstream redirects it to https, wget bails out saying that SSL support isn't compiled, any you're stuck in a perpetual cycle of not being able to download xz: wget http://distfiles.prefix.bitzolder.nl/prefix/distfiles/xz-5.2.4.tar --2021-10-12 21:08:36-- http://distfiles.prefix.bitzolder.nl/prefix/distfiles/xz-5.2.4.tar Resolving distfiles.prefix.bitzolder.nl... 45.95.64.8 Connecting to distfiles.prefix.bitzolder.nl|45.95.64.8|:80... connected. HTTP request sent, awaiting response... 302 Look Elsewhere Location: https://distfiles.prefix.bitzolder.nl/prefix/distfiles/73/xz-5.2.4.tar [following] https://distfiles.prefix.bitzolder.nl/prefix/distfiles/73/xz-5.2.4.tar: HTTPS support not compiled in. I wonder if it's a better idea to modify the efetch logic so that it skips wget if SSL support isn't compiled in.
I could have distfiles.p.b.n not redirect to https when the source wasn't https. Hmmm...
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=7794c9a763b6b627dc6b28530a2a5c7659209a70 commit 7794c9a763b6b627dc6b28530a2a5c7659209a70 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-06-30 18:19:09 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-06-30 18:19:09 +0000 bootstrap-prefix.sh: bump LibreSSL Bug: https://bugs.gentoo.org/817914 Signed-off-by: Sam James <sam@gentoo.org> scripts/bootstrap-prefix.sh | 2 ++ 1 file changed, 2 insertions(+)
(Bumped LibreSSL at least as it was overdue, although not strictly related.)
I bootstrapped on High Sierra 2 days ago, it did encounter some CA issues, but its interactions with prefix.b.n were OK cert-wise (I've updated the cert to use the new root). I'm hoping this is sorted now.