# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem 1.0
PortGroup clang_dependency 1.0
# Increase the revision of p5-www-curl whenever the version of curl gets updated.
name curl
version 8.12.1
checksums rmd160 c29a185531db8a3983ff146e1b682ee408b0b257 \
sha256 0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c76de202 \
size 2768160
categories net www
platforms darwin freebsd
maintainers {ryandesign @ryandesign}
license Curl
description Tool for transferring files with URL syntax
long_description curl is a client to get documents/files from servers, \
using any of the supported protocols. The command is \
designed to work without user interaction or any kind \
of interactivity.
homepage https://curl.se
master_sites ${homepage}/download/:curl \
use_xz yes
set curl_distfile ${distfiles}
distfiles ${curl_distfile}:curl
checksums-prepend ${curl_distfile}
if {${name} eq ${subport}} {
PortGroup muniversal 1.0
revision 0
depends_build path:bin/pkg-config:pkgconfig
depends_lib port:zlib
patchfiles-append managen.patch
configure.args --disable-silent-rules \
--enable-ipv6 \
--without-brotli \
--without-gnutls \
--without-gssapi \
--without-libgsasl \
--without-libidn2 \
--without-libpsl \
--without-librtmp \
--without-libssh2 \
--without-mbedtls \
--without-nghttp2 \
--without-nghttp3 \
--without-ngtcp2 \
--without-openssl \
--without-ssl \
--without-secure-transport \
--without-wolfssl \
--without-zstd \
--disable-ares \
--disable-ldap \
--disable-ldaps \
--with-zlib=${prefix} \
configure.cflags-append -mmacosx-version-min=${macosx_deployment_target}
configure.checks.implicit_function_declaration.whitelist-append strchr
if {${os.platform} eq "darwin" && ${os.major} < 10} {
depends_build-append port:cctools
configure.env-append NM=${prefix}/bin/nm
configure.args-append lt_cv_path_NM=${prefix}/bin/nm
post-configure {
if {[variant_exists universal] && [variant_isset universal]} {
set dirs {}
foreach arch ${universal_archs_to_use} {
lappend dirs ${worksrcpath}-${arch}
} else {
set dirs ${worksrcpath}
foreach dir ${dirs} {
reinplace -E {s|-arch [a-z0-9_]+||g} ${dir}/curl-config
# These flags only ends up in curl-config in some cases, such as
# when "cross compiling" a universal binary.
# See https://trac.macports.org/ticket/24001
reinplace -E -q {s/ '(host_alias|--host)=[^']+'//g} ${dir}/curl-config
test.run yes
test.target test-full
test.args -j${build.jobs} TFLAGS=-j${build.jobs}
global merger_dont_diff
set merger_dont_diff "${prefix}/include/curl/curlbuild.h"
post-destroot {
set docdir ${prefix}/share/doc/${name}
xinstall -d ${destroot}${docdir}/html/libcurl ${destroot}${docdir}/pdf/libcurl \
xinstall -m 0644 -W ${worksrcpath} \
xinstall -m 0644 -W ${worksrcpath}/docs \
BUGS.md \
HELP-US.md \
TheArtOfHttpScripting.md \
if {[variant_isset http3]} {
xinstall -m 0644 -W ${worksrcpath}/docs \
HTTP3.md \
xinstall -m 0644 ${worksrcpath}/docs/libcurl/libcurl.m4 \
variant ares description {Support resolving names asynchronously} {
depends_lib-append port:c-ares
configure.args-replace --disable-ares --enable-ares
variant brotli description {Support brotli compression} {
depends_lib-append port:brotli
configure.args-replace --without-brotli --with-brotli
variant darwinssl conflicts gnutls mbedtls ssl wolfssl description {Allow secure connections using Apple OS native TLS} {
configure.args-delete --without-ssl
configure.args-replace --without-secure-transport --with-secure-transport
configure.args-append --without-ca-bundle
variant gnutls conflicts darwinssl mbedtls ssl wolfssl description {Allow secure connections using GNU TLS} {
depends_lib-append path:lib/pkgconfig/gnutls.pc:gnutls \
configure.args-delete --without-ssl
configure.args-replace --without-gnutls --with-gnutls
configure.args-append --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
variant mbedtls conflicts darwinssl gnutls ssl wolfssl description {Allow secure connections using mbed TLS (formerly PolarSSL)} {
depends_lib-append port:mbedtls \
configure.args-delete --without-ssl
configure.args-replace --without-mbedtls --with-mbedtls
configure.args-append --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
variant wolfssl conflicts darwinssl mbedtls gnutls ssl description {Allow secure connections using wolfSSL (formerly CyaSSL)} {
depends_lib-append port:wolfssl \
configure.args-delete --without-ssl
configure.args-replace --without-wolfssl --with-wolfssl
configure.args-append --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
variant gsasl description {Support SCRAM-SHA-1 and SCRAM-SHA-256 with libgsasl} {
depends_lib-append port:libgsasl
configure.args-replace --without-libgsasl --with-libgsasl
variant gss description {Support the Generic Security Service API} {
# This needs to use the system's Kerberos, not MacPorts' gss or kerberos5.
conflicts-append gss kerberos5
configure.args-replace --without-gssapi --with-gssapi
variant http2 description {Support HTTP/2} {
depends_lib-append port:nghttp2
configure.args-replace --without-nghttp2 --with-nghttp2=${prefix}
variant http3 requires gnutls description {Support HTTP/3 with nghttp3 and ngtcp2} {
depends_lib-append port:nghttp3 \
configure.args-replace --without-nghttp3 --with-nghttp3=${prefix} \
--without-ngtcp2 --with-ngtcp2=${prefix}
variant idn description {Support internationalized domain names} {
depends_lib-append port:libidn2
configure.args-replace --without-libidn2 --with-libidn2=${prefix}
variant openldap description {Support performing Lightweight Directory Access Protocol queries with OpenLDAP} {
depends_lib-append path:lib/libldap.dylib:openldap
configure.args-replace --disable-ldap --enable-ldap
configure.args-replace --disable-ldaps --enable-ldaps
# Curl's psl support does not require its idn support but the libpsl port
# depends on the libidn2 port so we might as well enable curl's idn support.
variant psl requires idn description {Use the public suffix list to avoid privacy-leaking "supercookies"} {
depends_lib-append port:libpsl
configure.args-replace --without-libpsl --with-libpsl
variant rtmp description {Support RTMP media streams} {
depends_lib-append port:rtmpdump
configure.args-replace --without-librtmp --with-librtmp
variant sftp_scp description {Support SFTP/SCP connections via libssh2} {
depends_lib-append port:libssh2
configure.args-replace --without-libssh2 --with-libssh2
variant ssl conflicts darwinssl gnutls mbedtls wolfssl description {Allow secure connections using OpenSSL} {
depends_lib-append path:lib/libssl.dylib:openssl \
configure.args-delete --without-ssl
configure.args-replace --without-openssl --with-openssl
configure.args-append --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
variant zstd description {Support zstd compression} {
depends_lib-append port:zstd
configure.args-replace --without-zstd --with-zstd
default_variants +brotli +http2 +idn +psl +zstd
if {![variant_isset darwinssl] && ![variant_isset gnutls] && ![variant_isset mbedtls] && ![variant_isset wolfssl]} {
default_variants-append +ssl
if {[variant_isset darwinssl] || [variant_isset mbedtls]} {
notes-append {
The selected TLS library does not support TLS 1.3; you may want to\
use one that does by choosing the +ssl, +gnutls, or +wolfssl variant.
livecheck.type regex
livecheck.url [join [lrange [split [lindex ${master_sites} 0] {:}] 0 end-1] {:}]
livecheck.regex ${name}-(\[0-9.\]+)[quotemeta ${extract.suffix}]
} else {
livecheck.type none
subport curl-ca-bundle {
# Also increase the revision of privoxy-pki-bundle whenever curl-ca-bundle contents change.
revision 0
categories net
license {MPL-2 LGPL-2.1+}
supported_archs noarch
platforms any
installs_libs no
conflicts certsync
description CA certificate bundle for curl
long_description Installs a bundle of certification authority certificates \
(CA certs) which curl (when linked with OpenSSL) uses to \
verify the authenticity of secure web and FTP servers.
depends_extract-append bin:unzip:unzip
if {${os.platform} eq "darwin" && ${os.major} <= 10} {
# Day too big - 24854 > 24853
# Cannot handle date (59, 59, 23, 18, 0, 2038) at /System/Library/Perl/5.10.0/darwin-thread-multi-2level/Time/Piece.pm line 315
depends_build-append port:perl5
} else {
depends_build-append bin:perl:perl5
# The approximate time (in seconds since the epoch) when the port maintainer
# updated the certdata.txt file in this port. (The output of "date +%s".)
set certdata_updated 1734045673
# The upstream commit in which certdata.txt was last updated.
set certdata_commit fc857d1685f9cd017a2cf656a52d871b02a4cc89
# The date (in YYYYMMDD format) that commit was pushed.
set certdata_date 20241119
set certdata_file certdata.txt
# Using tar.bz2 would be preferable because it's smaller but upstream has
# disabled the creation of all but zip archives:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1596135
set certdata_extract_suffix .zip
set certdata_distfile certdata-${certdata_date}-${certdata_commit}${certdata_extract_suffix}
set certdata_path security/nss/lib/ckfw/builtins/${certdata_file}
# Only try to fetch from upstream shortly after the port is updated,
# to reduce load on their server:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1596135
if {[clock seconds] - ${certdata_updated} < 86400} {
master_sites-append https://hg.mozilla.org/mozilla-central/archive/${certdata_commit}${certdata_extract_suffix}/${certdata_path}?dummy=:certdata
} else {
master_sites-append macports_distfiles::certdata
distfiles-append ${certdata_distfile}:certdata
checksums-append ${certdata_distfile} \
rmd160 84fe81fcee192f13de1a21fb44b9a529515db8f9 \
sha256 3112344e7742a3372e756f8c080765cc98dc7b2807b813cdef5b9d5421ec0784 \
size 291100
extract.only ${curl_distfile}
extract.post_args-append ${worksrcdir}/scripts/mk-ca-bundle.pl
post-extract {
system -W ${workpath} "unzip -q -a [shellescape ${distpath}/${certdata_distfile}]"
move ${workpath}/mozilla-central-${certdata_commit}/${certdata_path} ${worksrcpath}/${certdata_file}
file mkdir ${worksrcpath}/lib
use_configure no
build.cmd scripts/mk-ca-bundle.pl
build.args -n lib/ca-bundle.crt
destroot {
set ca_bundle_dir ${prefix}/share/curl
set openssl_dir ${prefix}/etc/openssl
xinstall -d ${destroot}${ca_bundle_dir} ${destroot}${openssl_dir}
xinstall -m 644 ${worksrcpath}/lib/ca-bundle.crt ${destroot}${ca_bundle_dir}/curl-ca-bundle.crt
ln -s ${ca_bundle_dir}/curl-ca-bundle.crt ${destroot}${openssl_dir}/cert.pem
livecheck.type regexm
livecheck.url https://hg.mozilla.org/mozilla-central/log/default/${certdata_path}
livecheck.version [regsub {(....)(..)(..)} ${certdata_date} {\1-\2-\3}]
livecheck.regex {[0-9a-f]+
created [^<]+\n
pushed ([0-9-]+)}