diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2019-04-25 18:18:14 +0200 |
|---|---|---|
| committer | Evgeny Vereshchagin <evvers@ya.ru> | 2019-04-25 20:17:20 +0200 |
| commit | 98acbb90acbaf5c0d4cb8bc5cdf8919eeddd2dbc (patch) | |
| tree | c6e797a5ec5a5bb935511bb6577b6a40f1e00de4 | |
| parent | 3927f6ed8f6d3b576ddbcdb73607261e8f3604b7 (diff) | |
| download | systemd-98acbb90acbaf5c0d4cb8bc5cdf8919eeddd2dbc.tar.gz | |
coverity: help curl to complete coverity's certificate chain
| -rwxr-xr-x | tools/coverity.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/coverity.sh b/tools/coverity.sh index 17561e948c..6dab41deaf 100755 --- a/tools/coverity.sh +++ b/tools/coverity.sh @@ -36,6 +36,12 @@ else exit 1 fi +# According to https://www.ssllabs.com/ssltest/analyze.html?d=scan.coverity.com&latest, +# the certificate chain is incomplete. Let's complete it manually by downloading the +# missing piece (which is far from ideal but better than -k). This should be removed +# once it ends up in /etc/pki/tls/certs/ca-bundle.crt officially. +curl -L https://entrust.com/root-certificates/entrust_l1k.cer | tee -a /etc/pki/tls/certs/ca-bundle.crt + # Verify upload is permitted AUTH_RES=`curl -s --show-error --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted` if [ "$AUTH_RES" = "Access denied" ]; then |