Description of the issue
The sonar-scanner utility cannot be installed via brew because the machines do not trust the Sectigo certificate authority.
Where did the issue happen?
Stack used:Xcode 11.3.x, on macOS 10.14.6 (Mojave)
Build tags: --osx-xcode-11.3.x, --elite
Which build Step causes the issue and which version of the step?
| id: script
| version: 1.1.6
| collection: https://github.com/bitrise-io/bitrise-steplib.git
| toolkit: bash
| time: 2020-05-30T18:24:41Z
- Does a “Rebuild” help? (You can trigger a rebuild from the Build’s page, by clicking the “Rebuild” button in the top right corner of a finished build) : NO
Does a rebuild without caches help? (You can remove the
Cache:Pushsteps temporarily to not to use the cache, or you can delete all the caches on the
Settingstab of the app. : NO
- Does the issue happen sporadically, or every time? : Everytime
- Does upgrading the build Step to the latest version help? : NO
- When did the issue start? :
Visiting the site via browser shows the certificate used for the site https://binaries.sonarsource.com/ is valid up to the Sectigo root certificate.
This is the error after issuing “brew install sonar-source” in the script step. It is likely the CA root and intermediate certs are not installed and trusted by the operating system.
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
Error: Failed to download resource “sonar-scanner”