fix: support building behind a site-cert-changing firewall

docker/dockbuild.sh

@@ -33,6 +33,11 @@ setup_build
 
 log_intro   # record start of build into log
 
+# install CA certs into containers that can use them
+if { echo $BUILD_IMAGES | grep -qs pymongo; }; then
+    cp_ca_certs_to pymongo
+fi
+
 for container in $BUILD_IMAGES; do 
     echo '+ ' docker build $BUILD_OPTS -t $PACKAGE_NAME/$container $container | logit
     docker build $BUILD_OPTS -t $PACKAGE_NAME/$container $container 2>&1 | logit

docker/pymongo/Dockerfile

@@ -11,6 +11,11 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1; \
     update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1; \
     update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
 RUN locale-gen en_US.UTF-8
+
+COPY cacerts/README.md cacerts/*.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+ENV REQUESTS_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt
+
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8

oar-build/_dockbuild.sh

@@ -60,6 +60,21 @@ function setup_build {
     BUILD_OPTS=`collect_build_opts`
 }
 
+function cp_ca_certs_to {
+    # assuming we are in the docker dir
+    [ \! -d cacerts ] || {
+        crts=`echo cacerts/*.crt 2> /dev/null`
+        [ -z "$crts" ] || {
+            echo "${prog}: installing CA certs from docker/cacerts"
+            for cont in $@; do
+                mkdir -p $cont/cacerts
+                echo '+' cp $crts cacerts/README.md $cont/cacerts
+                cp $crts cacerts/README.md $cont/cacerts
+            done
+        }
+    }
+}
+
 function help {
     helpfile=$OAR_BUILD_DIR/dockbuild_help.txt
     [ -f "$OAR_DOCKER_DIR/dockbuild_help.txt" ] && \