ssl certificate errors on mac os x 20. Sep 2011
If you try to download something from Github via https with wget on Mac OS X you might receive one of the following errors:
ERROR: The certificate of `github.com' is not trusted.
ERROR: The certificate of `nodeload.github.com' is not trusted.
ERROR: The certificate of `raw.github.com' is not trusted.
The reason is that the default certificate directory is hard coded in wget as /etc/ssl/certs which corresponds to the Linux directory layout and doesn’t exist on Mac OS X. I’m actually quite suprised by this because I installed wget via MacPorts so I would have expected it to have been patched for my plattform.
So, where do you get root certificates from?
You could use the certificates from the default curl installation on Mac OS X, but they are hopelessly outdated (Yes Apple, I’m looking at you!):
$ head -n 5 /usr/share/curl/curl-ca-bundle.crt
##
## $Id: ca-bundle.crt,v 1.2 2003/03/24 11:06:57 bagder Exp $
##
## ca-bundle.crt -- Bundle of CA Root Certificates
## Last Modified: Thu Mar 2 09:32:46 CET 2000
The version from the curl website is a lot fresher:
$ curl -s http://curl.haxx.se/ca/cacert.pem | head -n 4
##
## ca-bundle.crt -- Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Fri Sep 2 23:34:57 2011
Interestingly the version from MacPorts is the freshest:
$ head -n 4 /opt/local/share/curl/curl-ca-bundle.crt
##
## lib/ca-bundle.crt -- Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Tue Sep 20 00:13:05 2011
You don’t need to install curl to get the certificates, there is a separate bundle:
$ sudo port install curl-ca-bundle
Using MacPorts also has the advantage, that your root certificates get upgraded automatically when you upgrade your outdated ports.
After you installed the root certificates you need to tell wget where to look.
You can use a parameter:
$ wget --ca-certificate=/opt/local/share/curl/curl-ca-bundle.crt \
https://www.domain.com/path/to/your/file
Or you can add an option to your ~/.wgetrc:
CA_CERTIFICATE=/opt/local/share/curl/curl-ca-bundle.crt
The latter is of course much more meaningful, because it saves you from manually applying the lengthy parameter on every https download.
acoustic feedback in the terminal 19. Sep 2011
If you compile larger programs on the command line of Mac OS X it can take quite a while and you will probably not want to stare at the Terminal until compilation is finished. To give you an acoustic feedback you can create some aliases:
alias success='afplay /System/Library/Sounds/Glass.aiff'
alias failure='afplay /System/Library/Sounds/Basso.aiff'
alias exitsound='if [ $? -eq 0 ]; then success; else failure; fi'
I like to put them in ~/.bash_aliases and source them from ~/.bashrc put that’s just a matter of taste. Now you can enjoy the full glory of the alert sounds while doing stuff in the Terminal!
sudo port install something; exitsound
./configure && make; exitsound
Have fun!
spotify on mac os x via ssh 13. Sep 2011
Mit despotify wird jedes unixoide System zur drahtlosen Jukebox!
Angenehmerweise gibt es despotify unter Mac OS X als Port:
$ sudo port install despotify
$ despotify
Have fun!
prevent telecom data preservation! 13. Sep 2011
Foto: John-Paul Bader (CC-BY-SA)
Ich habe gezeichnet. Ihr solltet das auch tun.
why the neoliberals have failed 12. Sep 2011
Ich war noch nie ein Fan der Linken als Regierungspartei, aber als Korrektiv in der Opposition schätze ich sie sehr. In der seiner Rede am 7. September 2011 im Bundestag stellt Gregor Gysi nicht nur sein rhetorisches Geschick unter Beweis, er redet auch einen erfrischenden Klartext, der an diesem Ort seinesgleichen sucht (Teil 1, Teil 2).
