builderv2: fail to fetch vmm-xen-stubdom-linux because of TLS error

[peakunshift]

How to file a helpful issue

Qubes OS release

4.2.2

Brief summary

When fetching vmm-xen-stubdom-linux, there is the following error:

curl: (60) SSL: no alternative certificate subject name matches target host name 'freedesktop.org'

It seems that freedesktop.org renewed its SSL certificate two days ago. Also, https://freedesktop.org redirects to https://www.freedesktop.org.

Steps to reproduce

Run:

./qb -c vmm-xen-stubdom-linux package fetch

or:

curl --proto =https --proto-redir =https --tlsv1.2 --http1.1 -sSfL -o untrusted_pulseaudio-14.2.tar.xz -- https://freedesktop.org/software/pulseaudio/releases/pulseaudio-14.2.tar.xz

Expected behavior

Downloads untrusted_pulseaudio-14.2.tar.xz successfully.

Actual behavior

curl: (60) SSL: no alternative certificate subject name matches target host name 'freedesktop.org'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

How to fix it

The following command works as expected. Notice the www in the URL:

curl --proto =https --proto-redir =https --tlsv1.2 --http1.1 -sSfL -o untrusted_pulseaudio-14.2.tar.xz -- https://www.freedesktop.org/software/pulseaudio/releases/pulseaudio-14.2.tar.xz

I will open a PR to update https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/main/.qubesbuilder.