Re: Darktable - ARM Testers Needed!

2022-07-18 Thread Kurt Hindenburg 
Hi, I’ve not used it before but I’ll try to look around the GUI.  It did import 
a .jpg file.  It is using XQuartz on a M1. Here’s what printed on there 
terminal after startup.

Kurt

[dt_detect_cpu_features] Not implemented for this architecture. 
[dt_detect_cpu_features] Please contribute a patch. 
[dt_init] SSE2 instruction set is unavailable. 
[dt_init] expect a LOT of functionality to be broken. you have been warned. 
[dt_detect_cpu_features] Not implemented for this architecture. 
[dt_detect_cpu_features] Please contribute a patch. 
[dt_codepaths_init] will be using experimental plain OpenMP SIMD codepath. 
[dt_pthread_create] info: bumping pthread's stacksize from 524288 to 2097152


> On Jul 18, 2022, at 10:16 AM, Christopher Nielsen  
> wrote:
> 
> Folks, we just enabled native ARM support for Darktable, and now we need to 
> ensure the apps runs successfully for both X11 and Quartz.
> 
> In terms of testing, we’d want to try, at a minimum:
> * Launch the app, and look for any any immediately-obvious UI issues
> * Poke around the UI a bit, and try some basic operations.
> 
> Are there any folks with ARM-based Macs, who can help?
> 
> Thanks,
> -Chris

Re: fetch timeout

2022-07-18 Thread Mark Brethen 
It’s more likely that curl 7.64.1 succeeds to connect while openssl 2.8.3 fails 
with alert number 40 (see below). It might be related to the server which has 
several virtual hosts. openssl 3.0.5 (mp) seems to handle it fine compared to 
openssl 2.8.3.

Downloads $ openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)

Downloads $ openssl s_client -connect wias-berlin.de:443 -servername 
wias-berlin.de
CONNECTED(0005)
depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust 
Center, CN = T-TeleSec GlobalRoot Class 2
verify return:1
depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. 
V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
verify return:1
depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. 
V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
verify return:1
depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU 
= Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN 
= www.wias-berlin.de
verify return:1

Downloads $ /usr/bin/openssl version
LibreSSL 2.8.3

Downloads $ /usr/bin/openssl s_client -connect wias-berlin.de:443 -servername 
wias-berlin.de
CONNECTED(0005)
depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust 
Center, CN = T-TeleSec GlobalRoot Class 2
verify return:1
depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. 
V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
verify return:1
depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. 
V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
verify return:1
depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU 
= Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN 
= www.wias-berlin.de
verify return:1
4381900460:error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert 
handshake 
failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL
 alert number 40
4381900460:error:140080E5:SSL routines:CONNECT_CR_KEY_EXCH:ssl handshake 
failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:585:
---



Mark



> On Jul 18, 2022, at 8:11 AM, Mark Brethen  wrote:
> 
> wias-berlin.de

Darktable - ARM Testers Needed!

2022-07-18 Thread Christopher Nielsen 
Folks, we just enabled native ARM support for Darktable, and now we need to 
ensure the apps runs successfully for both X11 and Quartz.

In terms of testing, we’d want to try, at a minimum:
* Launch the app, and look for any any immediately-obvious UI issues
* Poke around the UI a bit, and try some basic operations.

Are there any folks with ARM-based Macs, who can help?

Thanks,
-Chris

Re: fetch timeout

2022-07-18 Thread Mark Brethen 
There is something fundementally different between the OS 11 install on the 
intel MacBook vs the M1 iMac. I even wiped clean the MacBook and reinstalled OS 
11 and created a new admin account — no third party software installed. Apple's 
curl failed as before. 

I compared Macport’s curl/openssl on the MacBook (note it is using 
curl-ca-bundle.crt):

Downloads $ which curl
/opt/local/bin/curl
Downloads $ curl -v -o tetgen1.5.1.tar.gz 
https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0* 
  Trying 62.141.177.111:443...
* Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /opt/local/share/curl/curl-ca-bundle.crt
*  CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [5159 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; 
OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); OU=RT; 
CN=www.wias-berlin.de
*  start date: Aug  4 13:43:33 2021 GMT
*  expire date: Sep  4 13:43:33 2022 GMT
*  subjectAltName: host "wias-berlin.de" matched cert's "wias-berlin.de"
*  issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. 
V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1
> Host: wias-berlin.de
> User-Agent: curl/7.84.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0* 
TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Mon, 18 Jul 2022 11:54:58 GMT
< Server: Apache-Coyote/1.1
< Strict-Transport-Security: max-age=63072000
< Accept-Ranges: bytes
< ETag: W/"282433-153486310"
< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT
< Content-Type: application/x-gzip
< Content-Length: 282433

/etc/ssl/cert.pem worked as well with curl 7.84.0. Note TLSv1.0 (OUT), TLS 
header, Certificate Status (22):. I also tried the curl-ca-bundle.crt with 
Apple’s curl:

Downloads $ /usr/bin/curl --cacert /opt/local/share/curl/curl-ca-bundle.crt -v 
-o tetgen1.5.1.tar.gz 
https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0* 
  Trying 62.141.177.111...
* TCP_NODELAY set
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0* 
Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [228 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [59 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [6122 bytes data]
* TLSv1.2 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure
  0 00

Re: fetch timeout

2022-07-18 Thread Christopher Jones 


> On 17 Jul 2022, at 7:12 pm, Mark Brethen  wrote:
> 
> It’s interesting that curl fails from my older MacBook Air, but passes on the 
> M1 iMac, both with OS 11 installed. Even after a clean reinstall. I suspect 
> it’s something about Apple’s openssl. Browsers don’t seem to mind the 
> certificate.

No, I very much doubt that is the case. If it where the case if would fail for 
you on both machines.

> 
> As a work around, I’d like to add something like this:
> 
> set check.os.major 21
> if {${check.os.major} > ${os.major}} {
> depends_fetch-append curl
> fetch {
> system "curl -L -o ${distpath}/${distfiles} 
> ${master_sites}${distfiles}"
> }
> }

It is not appropriate to add that to a port file when the origin of the issue 
is still not understood, and quite likely something specific to your setup.

Chris

> 
> 
> 
> Mark Brethen
> mark.bret...@gmail.com 
> 
> 
> 
>> On Jul 17, 2022, at 8:49 AM, Mark Brethen > > wrote:
>> 
>> I think I’m getting to the root of the problem. I tried to obtain the SSL 
>> certificate from the host server using openssl.
>> 
>> Downloads $ echo | openssl s_client -servername wias-berlin.de 
>>  -connect wias-berlin.de:443 
>>  |\  
>>   
>>   sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt
>> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust 
>> Center, CN = T-TeleSec GlobalRoot Class 2
>> verify return:1
>> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes 
>> e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
>> verify return:1
>> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes 
>> e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
>> verify return:1
>> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., 
>> OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = 
>> RT, CN = www.wias-berlin.de 
>> verify return:1
>> 4479426220:error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert 
>> handshake 
>> failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL
>>  alert number 40
>> 4479426220:error:140080E5:SSL routines:CONNECT_CR_KEY_EXCH:ssl handshake 
>> failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:585:
>> 
>> 
>> I don’t get this error on the iMac with the same OS, same openssl versions.
>> 
>> Mark
>> 
>> 
>> 
>>> On Jul 15, 2022, at 1:44 PM, Mark Brethen >> > wrote:
>>> 
>>> Maybe it’s openssl in /opt/local/bin? On the MacBook Air:
>>> 
>>> ports $ which openssl
>>> /opt/local/bin/openssl
>>> ports $ openssl version
>>> OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
>>> 
>>> The iMac has /opt/local/bin/openssl 1.1.1
>>> 
>>> /usr/bin/openssl is libressl 2.8.3 for both.
>>> 
>>> 
>>> Mark Brethen
>>> mark.bret...@gmail.com 
>>> 
>>> 
>>> 
 On Jul 15, 2022, at 1:32 PM, Mark Brethen >>> > wrote:
 
 Heck if I know what’s wrong. Everything being equal, curl on the iMac 
 works, but on the MacBook Air it does not. Both have the same OS, same 
 curl version at /usr/bin, same cert.pem.
 
 
 Mark Brethen
 mark.bret...@gmail.com 
 
 
 
> On Jul 15, 2022, at 11:42 AM, Mark Brethen  > wrote:
> 
> On the MacBook Air openssl is able to get the certificate
> 
> Downloads $ openssl s_client -connect wias-berlin.de:443 
> 
> CONNECTED(0005)
> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems 
> Trust Center, CN = T-TeleSec GlobalRoot Class 2
> verify return:1
> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen 
> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification 
> Authority 2
> verify return:1
> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen 
> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
> verify return:1
> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin 
> e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik 
> (WIAS), OU = RT, CN = www.wias-berlin.de 
> verify return:1
> ---
> Certificate chain
>  0 s:C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., 
> OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU 
> = RT, CN = www.wias-berlin.de