pod install fails on certificate
Closed this issue · 11 comments
- Fetching geoip database
--2018-05-31 13:45:33-- https://download.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
Resolving download.maxmind.com (download.maxmind.com)... 104.16.37.47, 104.16.38.47
Connecting to download.maxmind.com (download.maxmind.com)|104.16.37.47|:443... connected.
ERROR: The certificate of 'download.maxmind.com' is not trusted.
ERROR: The certificate of 'download.maxmind.com' hasn't got a known issuer.
[!] Failed to download 'measurement_kit'.
I am missing context. What branch are you using? In the current master, when you run pod install, it should download a precompiled MK. The download of GeoIP only becomes a thing if the download of a precompiled MK fails and then it tries to recompile MK. (Also, for recompiling MK in that context, GeoIP is not actually needed, but that's unrelated.) Can you perhaps past the verbose output of pod install, so that I can better reason on what is going on?
Downloaded master branch as zip from the green button on https://github.com/measurement-kit/ios-example - here's a --verbose. Workaround would be to have the user put "check_certificate=off" in their .wgetrc.
` pod install --verbose
Preparing
Analyzing dependencies
Inspecting targets to integrate
Using ARCHS setting to build architectures of target Pods-measurement-kit-test: (``)
Finding Podfile changes
- measurement_kit
Fetching external sources
-> Pre-downloading: measurement_kit from https://github.com/measurement-kit/measurement-kit.git, tag v0.8.3
Git download
Git download
$ /usr/local/bin/git clone https://github.com/measurement-kit/measurement-kit.git
/var/folders/6v/xyhxnk597g95yt1h2bztwx3h0000gn/T/d20180531-71518-9534os --template= --single-branch --depth 1
--branch v0.8.3
Cloning into '/var/folders/6v/xyhxnk597g95yt1h2bztwx3h0000gn/T/d20180531-71518-9534os'...
Note: checking out '0b9eabb1450ca06e3d4ad06aff71787a65cd2465'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b <new-branch-name>
Running prepare command
$ /bin/bash -c set -e ./build/ios/library
--2018-05-31 13:43:09-- https://github.com/measurement-kit/measurement-kit/releases/download/v0.8.3/ios_binaries-0.8.3.tgz
R'esolution de github.com (github.com)... 192.30.253.113, 192.30.253.112
Connexiona github.com (github.com)|192.30.253.113|:443... connect'e. Erreur : le certificat degithub.com' n'est pas de confiance.
Erreur : le certificat de `github.com' n'est pas d'un 'emetteur connu.
Downloading and verifying precompiled dependencies from github
######################################################################## 100.0%
######################################################################## 100.0%
gpg: assuming signed data in 'ios-dependencies-20180326T003530Z.tgz'
gpg: Signature made Mon Mar 26 00:35:32 2018 CEST
gpg: using RSA key 738877AA6C829F26A431C5F480B691277733D95B
gpg: requesting key 80B691277733D95B from hkps server hkps.pool.sks-keyservers.net
gpg: key 80B691277733D95B: 41 duplicate signatures removed
gpg: key 80B691277733D95B: 9 signatures not checked due to missing keys
gpg: key 80B691277733D95B: 11 signatures reordered
gpg: key 80B691277733D95B: public key "Simone Basso bassosimone@gmail.com" imported
gpg: public key 7E9FAD97BE2F8A87 is 2320 seconds newer than the signature
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Simone Basso bassosimone@gmail.com" [unknown]
gpg: aka "Simone Basso simone.basso@polito.it" [unknown]
gpg: aka "Simone Basso simone@openobservatory.org" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7388 77AA 6C82 9F26 A431 C5F4 80B6 9127 7733 D95B
Cross-compiling mk for all platforms and archs
Cross compiling for iphonesimulator and x86_64
./build/dependency: init
./build/dependency: patch_pre_autogen
./build/dependency: autogen
- ./autogen.sh
- Generating automatic includes: include/measurement_kit/*.hpp
- Generating include.am
- Updating .gitignore
- Fetching geoip database
--2018-05-31 13:43:29-- https://download.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
Resolving download.maxmind.com (download.maxmind.com)... 104.16.37.47, 104.16.38.47
Connecting to download.maxmind.com (download.maxmind.com)|104.16.37.47|:443... connected.
ERROR: The certificate of 'download.maxmind.com' is not trusted.
ERROR: The certificate of 'download.maxmind.com' hasn't got a known issuer.
[!] Failed to download 'measurement_kit'.
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/external_sources/abstract_external_source.rb:119:in rescue in block in pre_download' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/external_sources/abstract_external_source.rb:114:in block in pre_download'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/user_interface.rb:85:in titled_section' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/external_sources/abstract_external_source.rb:112:in pre_download'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/external_sources/downloader_source.rb:13:in fetch' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:697:in fetch_external_source'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:673:in block (2 levels) in fetch_external_sources' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:672:in each'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:672:in block in fetch_external_sources' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/user_interface.rb:64:in section'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:671:in fetch_external_sources' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer/analyzer.rb:85:in analyze'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer.rb:243:in analyze' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer.rb:154:in block in resolve_dependencies'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/user_interface.rb:64:in section' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer.rb:153:in resolve_dependencies'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/installer.rb:116:in install!' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/command/install.rb:41:in run'
/Library/Ruby/Gems/2.3.0/gems/claide-1.0.2/lib/claide/command.rb:334:in run' /Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/lib/cocoapods/command.rb:52:in run'
/Library/Ruby/Gems/2.3.0/gems/cocoapods-1.5.0/bin/pod:55:in <top (required)>' /usr/local/bin/pod:22:in load'
/usr/local/bin/pod:22:in <main>'
Thank you. So, it looks like, for some reason, your host's wget does not recognise the certificate provided by github.com. This is apparent from the following lines:
$ /bin/bash -c set -e ./build/ios/library
--2018-05-31 13:43:09-- https://github.com/measurement-kit/measurement-kit/releases/download/v0.8.3/ios_binaries-0.8.3.tgz
R'esolution de github.com (github.com)... 192.30.253.113, 192.30.253.112
Connexion a github.com (github.com)|192.30.253.113|:443... connect'e. Erreur : le certificat degithub.com' n'est pas de confiance.
Erreur : le certificat de `github.com' n'est pas d'un 'emetteur connu.
This is weird, and I don't know exactly how I can help you debugging that. I just tried following your steps by downloading the zip from master and running the install command, and it was working for me. The issue that GeoIP is not required when compiling for iOS should be addressed separately.
The issue that GeoIP is not required when compiling for iOS should be addressed separately.
Actually, I've now noticed that the issue is fixed for measurement-kit's master. Fixing it on the stable branch seems to be a bit annoying, because of some technical debt that I don't fix it's wise to repay now that the master branch is about to land as stable with a new stable release.
To further diagnose the problem, I recommend trying to understand what wget version you are using, how it is compiled, and whether it could download assets from github.com. All these questions should probably help you to understand what is wrong with wget and/or with your certificate chain. (In the version of MK that is in master we will not use wget anymore as we are normalising all our build script to always and only require curl for downloading.)
Addition: your original post mentioned issues with maxmind.com while I noticed issues with github.com in the logs. This is the specific reason by which I believe there is something wrong in the way in which your wget is working. It's maybe worth trying more https websites.
Weird thing is, it should just be the xcode tool chain. Anyway, good to see we know what this is, at least that'll help people work around it
Weird thing is, it should just be the xcode tool chain.
I do not fully understand what you mean.
I mean, this mac should just have default OS X and XCode development tools installed. I'll investigate what's happening there
this mac should just have default OS X and XCode development tools installed.
Ah, I see. For the records, it seems on my system I'm using the wget from Homebrew.
Also, you may want to try using the master branch of MK (not declared stable but that should approach stability with a fast pace). To this end, you can patch the sources you have downloaded as follows:
$ diff -u Podfile.old Podfile
--- Podfile.old 2018-05-31 16:02:09.000000000 +0200
+++ Podfile 2018-05-31 16:02:20.000000000 +0200
@@ -2,6 +2,6 @@
target 'measurement-kit-test' do
pod 'measurement_kit',
- :git => 'https://github.com/measurement-kit/measurement-kit.git',
- :tag => 'v0.8.3'
+ :git => 'https://github.com/measurement-kit/ios-libs.git',
+ :branch => 'master'
endSince we've switched everything over to curl, this may be a lazy workaround. (I just tested it and it works on my system, where however I did not experience any wget issue as well).
Hope that helps!
Since curl is part of base OS that's a pretty decent workaround.
Yeah, I think, in retrospect, using curl since the beginning would have been better. I am going to close this issue. Let me know if trying the strategy I proposed above fails.