summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvgeny Vereshchagin <evvers@ya.ru>2019-04-25 19:13:40 +0200
committerEvgeny Vereshchagin <evvers@ya.ru>2019-04-25 20:17:20 +0200
commitdb670c5fe35ffb13e863dd5560a8a1d9fd780663 (patch)
treebf17ee7b1d0e776816b10566aa4344896a435c5f
parent5d33f0c042bf005bccf118b1bbcd83ca68d63969 (diff)
downloadsystemd-what-s-up-with-coverity.tar.gz
coverity: help wget to complete coverity's certificate chainwhat-s-up-with-coverity
-rwxr-xr-xtravis-ci/tools/get-coverity.sh10
1 files changed, 8 insertions, 2 deletions
diff --git a/travis-ci/tools/get-coverity.sh b/travis-ci/tools/get-coverity.sh
index b7e907a417..c5f622b5a4 100755
--- a/travis-ci/tools/get-coverity.sh
+++ b/travis-ci/tools/get-coverity.sh
@@ -22,8 +22,14 @@ sudo apt-get update && sudo apt-get -y install wget
if [ ! -d $TOOL_BASE ]; then
# Download Coverity Scan Analysis Tool
if [ ! -e $TOOL_ARCHIVE ]; then
- echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
- wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
+ echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
+ # According to https://www.ssllabs.com/ssltest/analyze.html?d=scan.coverity.com&latest,
+ # the certificate chain is incomplete. Let's complete it manually by downloading the
+ # missing piece (which is far from ideal but better than --no-check-certificate). This should
+ # be removed once it ends up in /etc/ssl/certs/ca-certificates.crt officially.
+ cp /etc/ssl/certs/ca-certificates.crt .
+ wget -nv -O - https://entrust.com/root-certificates/entrust_l1k.cer | tee -a ./ca-certificates.crt
+ wget --ca-certificate ./ca-certificates.crt -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
fi
# Extract Coverity Scan Analysis Tool