Curl certificate issue with Pkg3 on Mac

Hey,

I am running into a problem with a FFMPEG dependency on Mac.

(v1.3) pkg> build FFMPEG

returns

┌ Error: Error building `FFMPEG`:
│ [ Info: Downloading https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz to /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/usr/downloads/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz...
│ ERROR: LoadError: LoadError: Could not download https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz to /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/usr/downloads/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz:
│ ErrorException("")
│ Stacktrace:
│  [1] error(::String) at ./error.jl:33
│  [2] #download#89(::Bool, ::typeof(BinaryProvider.download), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:502
│  [3] #download at ./none:0 [inlined]
│  [4] #download_verify#90(::Bool, ::Bool, ::Bool, ::typeof(download_verify), ::String, ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:571
│  [5] #download_verify at ./tuple.jl:0 [inlined]
│  [6] #install#129(::Prefix, ::String, ::Bool, ::Bool, ::Bool, ::typeof(install), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/Prefix.jl:314
│  [7] (::BinaryProvider.var"#kw##install")(::NamedTuple{(:prefix, :force, :verbose),Tuple{Prefix,Bool,Bool}}, ::typeof(install), ::String, ::String) at ./tuple.jl:0
│  [8] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:44
│  [9] include at ./boot.jl:328 [inlined]
│  [10] include_relative(::Module, ::String) at ./loading.jl:1105
│  [11] include at ./Base.jl:31 [inlined]
│  [12] include(::String) at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:44
│  [13] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:45
│  [14] include at ./boot.jl:328 [inlined]
│  [15] include_relative(::Module, ::String) at ./loading.jl:1105
│  [16] include(::Module, ::String) at ./Base.jl:31
│  [17] include(::String) at ./client.jl:424
│  [18] top-level scope at none:5
│ in expression starting at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:42
│ in expression starting at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:38
│ caused by [exception 1]
│
│ Stacktrace:
│  [1] error() at ./error.jl:42
│  [2] #download#89(::Bool, ::typeof(BinaryProvider.download), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:496
│  [3] #download at ./none:0 [inlined]
│  [4] #download_verify#90(::Bool, ::Bool, ::Bool, ::typeof(download_verify), ::String, ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:571
│  [5] #download_verify at ./tuple.jl:0 [inlined]
│  [6] #install#129(::Prefix, ::String, ::Bool, ::Bool, ::Bool, ::typeof(install), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/Prefix.jl:314
│  [7] (::BinaryProvider.var"#kw##install")(::NamedTuple{(:prefix, :force, :verbose),Tuple{Prefix,Bool,Bool}}, ::typeof(install), ::String, ::String) at ./tuple.jl:0
│  [8] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:44
│  [9] include at ./boot.jl:328 [inlined]
│  [10] include_relative(::Module, ::String) at ./loading.jl:1105
│  [11] include at ./Base.jl:31 [inlined]
│  [12] include(::String) at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:44
│  [13] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:45
│  [14] include at ./boot.jl:328 [inlined]
│  [15] include_relative(::Module, ::String) at ./loading.jl:1105
│  [16] include(::Module, ::String) at ./Base.jl:31
│  [17] include(::String) at ./client.jl:424
│  [18] top-level scope at none:5
│ [11:00:36]
│ [11:00:36] curl: (51) Cert verify failed: BADCERT_NOT_TRUSTED
└ @ Pkg.Operations /Users/sabae/buildbot/worker/package_macos64/build/usr/share/julia/stdlib/v1.3/Pkg/src/backwards_compatible_isolation.jl:649

I can use my system curl to download the file in question without any problems. Not quite sure where something goes wrong here - any ideas?

Best,

Kevin

Edit: to add to my confusion, everything works fine with FFMPEG@0.2.3 instead of the current 0.2.4; Is this an FFMPEG problem?

2 Likes

You may find something useful https://discourse.julialang.org/t/problem-with-curl-exe-windows-and-package-installation here.

I don’t have a Mac to check it.

The answer by Sijun is probably most helpfull for you:

You have to check, how this is done on MAC, but is probably the same as in Linux.

hey thanks for the quick responses - so the idea is to gloablly disable certificate checking for my system curl? Doesn’t sound like something that should be necessary on mac/windows - shouldn’t this become a proper issue in Pkg.jl (is that the right place to put it)? Still havent quite understood the problem.

Its not a Pkg issue.
Its either an issue of curl (e.g. Windows ships with a special version in c:\windows\system32\curl.exe) or its an issue with the certificate of the source web page.
As the download URL is

https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz

It is probably something with the curl on your system.

Anyways the workaround should only be set temporarily.

Okay, seems to do the trick.

I first installed curl via homebrew (not sure whether that is necessary, make sure its in the path before system curl which homebrew doesnt do automatically)

then it is simply a matter of creating/modifying your curl config e.g. using atom

atom $HOME/.curlrc

and appending the line

insecure

save, quit all terminals and now I can build FFMPEG@0.2.4

@oheil - since it is not an Pkg3 issue - is it a FFMPEG issue then? Hm, I did not have a user-level curl config before and the vanilla homebrew version alone did not resolve it either - so it is a certificate problem but why? Seems to happend to a few people…

3 Likes

The general solution for future Julia/Pkg ist discussed here:

The issue with curl (and other download variants like powershell for windows) is more complex and I don’t know an exact single explanation what the problem is. In this complex there are e.g. proxy problems and there is e.g. the TLS version problem (Git does not work with TLS < 1.2, maybe this is your specific issue. You may check if TLS 1.1 is still default for your OS).

The best overall workaround for now is the “insecure” option, which should be out-commented after installation.

This solution worked for me on macOS Mojave.

I was running in to issues when trying to add the Flux package.

Unable to automatically install ‘OpenSpecFun’

Also something to do with curl not accepting certificate.

I had the same problem with libiconv. The insecure workaround worked.