diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2019-04-25 19:13:40 +0200 |
|---|---|---|
| committer | Evgeny Vereshchagin <evvers@ya.ru> | 2019-04-25 20:17:20 +0200 |
| commit | db670c5fe35ffb13e863dd5560a8a1d9fd780663 (patch) | |
| tree | bf17ee7b1d0e776816b10566aa4344896a435c5f | |
| parent | 5d33f0c042bf005bccf118b1bbcd83ca68d63969 (diff) | |
| download | systemd-what-s-up-with-coverity.tar.gz | |
coverity: help wget to complete coverity's certificate chainwhat-s-up-with-coverity
| -rwxr-xr-x | travis-ci/tools/get-coverity.sh | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/travis-ci/tools/get-coverity.sh b/travis-ci/tools/get-coverity.sh index b7e907a417..c5f622b5a4 100755 --- a/travis-ci/tools/get-coverity.sh +++ b/travis-ci/tools/get-coverity.sh @@ -22,8 +22,14 @@ sudo apt-get update && sudo apt-get -y install wget if [ ! -d $TOOL_BASE ]; then # Download Coverity Scan Analysis Tool if [ ! -e $TOOL_ARCHIVE ]; then - echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m" - wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" + echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m" + # According to https://www.ssllabs.com/ssltest/analyze.html?d=scan.coverity.com&latest, + # the certificate chain is incomplete. Let's complete it manually by downloading the + # missing piece (which is far from ideal but better than --no-check-certificate). This should + # be removed once it ends up in /etc/ssl/certs/ca-certificates.crt officially. + cp /etc/ssl/certs/ca-certificates.crt . + wget -nv -O - https://entrust.com/root-certificates/entrust_l1k.cer | tee -a ./ca-certificates.crt + wget --ca-certificate ./ca-certificates.crt -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" fi # Extract Coverity Scan Analysis Tool |