From f285445cf292744b93af6a4e5077dbbf7da586b4 Mon Sep 17 00:00:00 2001
From: Sam Clegg <sbc@chromium.org>
Date: Wed, 13 Mar 2024 12:19:04 -0700
Subject: [PATCH 1/2] Use curl to download files on macOS

---
 tools/ports/__init__.py | 33 +++++++++++----------------------
 1 file changed, 11 insertions(+), 22 deletions(-)

diff --git a/tools/ports/__init__.py b/tools/ports/__init__.py
index a4593f48fb1eb..7c4935093a55f 100644
--- a/tools/ports/__init__.py
+++ b/tools/ports/__init__.py
@@ -10,14 +10,16 @@
 import glob
 import importlib.util
 import sys
+import subprocess
 from typing import Set
+from urllib.request import urlopen
+
 from tools import cache
 from tools import config
 from tools import shared
 from tools import system_libs
 from tools import utils
 from tools.settings import settings
-
 from tools.toolchain_profiler import ToolchainProfiler
 
 ports = []
@@ -297,27 +299,14 @@ def retrieve():
       # retrieve from remote server
       logger.info(f'retrieving port: {name} from {url}')
 
-      # Attempt to use the `requests` module rather `urllib`.
-      # The main difference here is that `requests` will use the `certifi`
-      # certificate chain whereas `urllib` will use the system openssl
-      # certificate chain, which can be out-of-date on some macOS systems.
-      # TODO(sbc): Perhaps we can remove this at some point when we no
-      # longer support such out-of-date systems.
-      try:
-        import requests
-        try:
-          response = requests.get(url)
-          data = response.content
-        except requests.exceptions.InvalidSchema:
-          # requests does not support 'file://' protocol and raises InvalidSchema
-          pass
-      except ImportError:
-        pass
-
-      # If we don't have `requests` or if we got InvalidSchema then fall
-      # back to `urllib`.
-      if not data:
-        from urllib.request import urlopen
+      if utils.MACOS:
+        # Use `curl` over `urllib` on macOS to avoid issues with
+        # certicicate verification.
+        # https://stackoverflow.com/questions/40684543/how-to-make-python-use-ca-certificates-from-mac-os-truststore
+        # Unlike on Windows or Linux, curl is guaranteed to always be
+        # available on macOS.
+        data = subprocess.check_output(['curl', '-sSL', url])
+      else:
         f = urlopen(url)
         data = f.read()
 

From 058fe6e3a3e8792cd8053dedc2650a3a5421c883 Mon Sep 17 00:00:00 2001
From: Sam Clegg <sbc@chromium.org>
Date: Wed, 13 Mar 2024 17:52:54 -0700
Subject: [PATCH 2/2] Update tools/ports/__init__.py

Co-authored-by: Alon Zakai <alonzakai@gmail.com>
---
 tools/ports/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ports/__init__.py b/tools/ports/__init__.py
index 7c4935093a55f..093eea0aaa5c8 100644
--- a/tools/ports/__init__.py
+++ b/tools/ports/__init__.py
@@ -301,7 +301,7 @@ def retrieve():
 
       if utils.MACOS:
         # Use `curl` over `urllib` on macOS to avoid issues with
-        # certicicate verification.
+        # certificate verification.
         # https://stackoverflow.com/questions/40684543/how-to-make-python-use-ca-certificates-from-mac-os-truststore
         # Unlike on Windows or Linux, curl is guaranteed to always be
         # available on macOS.