tlmgr update fails on macOS 10.13.6
Andreas Scherer
andreas_tex at freenet.de
Tue Oct 12 17:22:23 CEST 2021
Am 06.10.21 um 09:30 schrieb Andreas Scherer:
> Something bad has happened a few days ago:
Thanks to Mojca's hint
(https://trac.macports.org/wiki/ProblemHotlist#letsencrypt), I found a
solution today:
Here's the curl on macOS 10.13.6:
Scherer-Mac-mini-neu:~ scherer$ curl --version
curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20
zlib/1.2.11 nghttp2/1.24.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB
SSL libz HTTP2 UnixSockets HTTPS-proxy
Next comes the error message from tlmgr; curiously enough, I saw this
error once on macOS 11.6 a few days ago:
Scherer-Mac-mini-neu:~ scherer$ tlmgr update --all
/Library/TeX/texbin/tlmgr: TLPDB::from_file could not initialize from:
https://mirror.ctan.org/systems/texlive/tlnet/tlpkg/texlive.tlpdb
/Library/TeX/texbin/tlmgr: Maybe the repository setting should be changed.
/Library/TeX/texbin/tlmgr: More info: https://tug.org/texlive/acquire.html
Trying to curl the file directly results in a certificate issue:
Scherer-Mac-mini-neu:~ scherer$ curl
https://mirror.ctan.org/systems/texlive/tlnet/tlpkg/texlive.tlpdb
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
Using "unsecure" option '-k' succeeds:
Scherer-Mac-mini-neu:~ scherer$ curl -k
https://mirror.ctan.org/systems/texlive/tlnet/tlpkg/texlive.tlpdb -o
texlive.tlpdb
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
100 332 100 332 0 0 2509 0 --:--:-- --:--:-- --:--:--
2515
Scherer-Mac-mini-neu:~ scherer$ cat texlive.tlpdb
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a
href="https://ftp.gwdg.de/pub/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb">here</a>.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at mirror.ctan.org Port 443</address>
</body></html>
Using a fixed repository:
Scherer-Mac-mini-neu:~ scherer$ tlmgr option repository
https://ftp.gwdg.de/pub/ctan/systems/texlive/tlnet
tlmgr: setting default package repository to
https://ftp.gwdg.de/pub/ctan/systems/texlive/tlnet
tlmgr: updating /usr/local/texlive/2021/tlpkg/texlive.tlpdb
succeds as before the hickup:
Scherer-Mac-mini-neu:~ scherer$ tlmgr update --all
tlmgr: package repository
https://ftp.gwdg.de/pub/ctan/systems/texlive/tlnet (verified)
tlmgr: saving backups to /usr/local/texlive/2021/tlpkg/backups
[1/2, ??:??/??:??] update: texlive-scripts [497k] (60633 -> 60727) ... done
[2/2, 00:03/00:03] update: tlshell [30k] (58984 -> 60694) ... done
running mktexlsr ...
done running mktexlsr.
running updmap-sys ...
done running updmap-sys.
tlmgr: package log updated:
/usr/local/texlive/2021/texmf-var/web2c/tlmgr.log
tlmgr: command log updated:
/usr/local/texlive/2021/texmf-var/web2c/tlmgr-commands.log
Case closed,
Andreas
More information about the tex-live
mailing list.