Curl certificate issue with Pkg3 on Mac

kkmann · January 13, 2020, 11:03am

Hey,

I am running into a problem with a FFMPEG dependency on Mac.

(v1.3) pkg> build FFMPEG

returns

┌ Error: Error building `FFMPEG`:
│ [ Info: Downloading https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz to /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/usr/downloads/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz...
│ ERROR: LoadError: LoadError: Could not download https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz to /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/usr/downloads/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz:
│ ErrorException("")
│ Stacktrace:
│  [1] error(::String) at ./error.jl:33
│  [2] #download#89(::Bool, ::typeof(BinaryProvider.download), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:502
│  [3] #download at ./none:0 [inlined]
│  [4] #download_verify#90(::Bool, ::Bool, ::Bool, ::typeof(download_verify), ::String, ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:571
│  [5] #download_verify at ./tuple.jl:0 [inlined]
│  [6] #install#129(::Prefix, ::String, ::Bool, ::Bool, ::Bool, ::typeof(install), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/Prefix.jl:314
│  [7] (::BinaryProvider.var"#kw##install")(::NamedTuple{(:prefix, :force, :verbose),Tuple{Prefix,Bool,Bool}}, ::typeof(install), ::String, ::String) at ./tuple.jl:0
│  [8] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:44
│  [9] include at ./boot.jl:328 [inlined]
│  [10] include_relative(::Module, ::String) at ./loading.jl:1105
│  [11] include at ./Base.jl:31 [inlined]
│  [12] include(::String) at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:44
│  [13] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:45
│  [14] include at ./boot.jl:328 [inlined]
│  [15] include_relative(::Module, ::String) at ./loading.jl:1105
│  [16] include(::Module, ::String) at ./Base.jl:31
│  [17] include(::String) at ./client.jl:424
│  [18] top-level scope at none:5
│ in expression starting at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:42
│ in expression starting at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:38
│ caused by [exception 1]
│
│ Stacktrace:
│  [1] error() at ./error.jl:42
│  [2] #download#89(::Bool, ::typeof(BinaryProvider.download), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:496
│  [3] #download at ./none:0 [inlined]
│  [4] #download_verify#90(::Bool, ::Bool, ::Bool, ::typeof(download_verify), ::String, ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/PlatformEngines.jl:571
│  [5] #download_verify at ./tuple.jl:0 [inlined]
│  [6] #install#129(::Prefix, ::String, ::Bool, ::Bool, ::Bool, ::typeof(install), ::String, ::String) at /Users/kevin/.julia/packages/BinaryProvider/kcGxO/src/Prefix.jl:314
│  [7] (::BinaryProvider.var"#kw##install")(::NamedTuple{(:prefix, :force, :verbose),Tuple{Prefix,Bool,Bool}}, ::typeof(install), ::String, ::String) at ./tuple.jl:0
│  [8] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build_Bzip2.v1.0.6.jl:44
│  [9] include at ./boot.jl:328 [inlined]
│  [10] include_relative(::Module, ::String) at ./loading.jl:1105
│  [11] include at ./Base.jl:31 [inlined]
│  [12] include(::String) at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:44
│  [13] top-level scope at /Users/kevin/.julia/packages/FFMPEG/guN1x/deps/build.jl:45
│  [14] include at ./boot.jl:328 [inlined]
│  [15] include_relative(::Module, ::String) at ./loading.jl:1105
│  [16] include(::Module, ::String) at ./Base.jl:31
│  [17] include(::String) at ./client.jl:424
│  [18] top-level scope at none:5
│ [11:00:36]
│ [11:00:36] curl: (51) Cert verify failed: BADCERT_NOT_TRUSTED
└ @ Pkg.Operations /Users/sabae/buildbot/worker/package_macos64/build/usr/share/julia/stdlib/v1.3/Pkg/src/backwards_compatible_isolation.jl:649

I can use my system curl to download the file in question without any problems. Not quite sure where something goes wrong here - any ideas?

Best,

Kevin

Edit: to add to my confusion, everything works fine with FFMPEG@0.2.3 instead of the current 0.2.4; Is this an FFMPEG problem?

Iagoba_Apellaniz · January 13, 2020, 11:29am

You may find something useful https://discourse.julialang.org/t/problem-with-curl-exe-windows-and-package-installation here.

I don’t have a Mac to check it.

oheil · January 13, 2020, 11:44am

The answer by Sijun is probably most helpfull for you:

oheil · January 13, 2020, 11:44am

You have to check, how this is done on MAC, but is probably the same as in Linux.

kkmann · January 13, 2020, 11:47am

hey thanks for the quick responses - so the idea is to gloablly disable certificate checking for my system curl? Doesn’t sound like something that should be necessary on mac/windows - shouldn’t this become a proper issue in Pkg.jl (is that the right place to put it)? Still havent quite understood the problem.

oheil · January 13, 2020, 11:54am

Its not a Pkg issue.
Its either an issue of curl (e.g. Windows ships with a special version in c:\windows\system32\curl.exe) or its an issue with the certificate of the source web page.
As the download URL is

https://github.com/JuliaBinaryWrappers/Bzip2_jll.jl/releases/download/Bzip2-v1.0.6+1/Bzip2.v1.0.6.x86_64-apple-darwin14.tar.gz

It is probably something with the curl on your system.

Anyways the workaround should only be set temporarily.

kkmann · January 13, 2020, 11:56am

Okay, seems to do the trick.

I first installed curl via homebrew (not sure whether that is necessary, make sure its in the path before system curl which homebrew doesnt do automatically)

then it is simply a matter of creating/modifying your curl config e.g. using atom

atom $HOME/.curlrc

and appending the line

insecure

save, quit all terminals and now I can build FFMPEG@0.2.4

@oheil - since it is not an Pkg3 issue - is it a FFMPEG issue then? Hm, I did not have a user-level curl config before and the vanilla homebrew version alone did not resolve it either - so it is a certificate problem but why? Seems to happend to a few people…

oheil · January 13, 2020, 12:07pm

The general solution for future Julia/Pkg ist discussed here:
https://github.com/JuliaLang/julia/issues/27043

The issue with curl (and other download variants like powershell for windows) is more complex and I don’t know an exact single explanation what the problem is. In this complex there are e.g. proxy problems and there is e.g. the TLS version problem (Git does not work with TLS < 1.2, maybe this is your specific issue. You may check if TLS 1.1 is still default for your OS).

The best overall workaround for now is the “insecure” option, which should be out-commented after installation.

montmorency · February 1, 2020, 11:06pm

This solution worked for me on macOS Mojave.

I was running in to issues when trying to add the Flux package.

Unable to automatically install ‘OpenSpecFun’

Also something to do with curl not accepting certificate.

antoine-levitt · April 14, 2020, 8:17am

I had the same problem with libiconv. The insecure workaround worked.