From 6988d7301107f5ac79a0cadcd6b45a59392042af Mon Sep 17 00:00:00 2001
From: RayPlante <raymond.plante@nist.gov>
Date: Mon, 30 Oct 2023 04:59:37 -0400
Subject: [PATCH] fix: support building behind a site-cert-changing firewall

---
 docker/dockbuild.sh       |  5 +++++
 docker/pymongo/Dockerfile |  5 +++++
 oar-build/_dockbuild.sh   | 15 +++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/docker/dockbuild.sh b/docker/dockbuild.sh
index a1b34b5..0793f22 100755
--- a/docker/dockbuild.sh
+++ b/docker/dockbuild.sh
@@ -33,6 +33,11 @@ setup_build
 
 log_intro   # record start of build into log
 
+# install CA certs into containers that can use them
+if { echo $BUILD_IMAGES | grep -qs pymongo; }; then
+    cp_ca_certs_to pymongo
+fi
+
 for container in $BUILD_IMAGES; do 
     echo '+ ' docker build $BUILD_OPTS -t $PACKAGE_NAME/$container $container | logit
     docker build $BUILD_OPTS -t $PACKAGE_NAME/$container $container 2>&1 | logit
diff --git a/docker/pymongo/Dockerfile b/docker/pymongo/Dockerfile
index 57b77c6..55d269a 100644
--- a/docker/pymongo/Dockerfile
+++ b/docker/pymongo/Dockerfile
@@ -11,6 +11,11 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1; \
     update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1; \
     update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
 RUN locale-gen en_US.UTF-8
+
+COPY cacerts/README.md cacerts/*.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+ENV REQUESTS_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt
+
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
diff --git a/oar-build/_dockbuild.sh b/oar-build/_dockbuild.sh
index f4ba894..dcce099 100644
--- a/oar-build/_dockbuild.sh
+++ b/oar-build/_dockbuild.sh
@@ -60,6 +60,21 @@ function setup_build {
     BUILD_OPTS=`collect_build_opts`
 }
 
+function cp_ca_certs_to {
+    # assuming we are in the docker dir
+    [ \! -d cacerts ] || {
+        crts=`echo cacerts/*.crt 2> /dev/null`
+        [ -z "$crts" ] || {
+            echo "${prog}: installing CA certs from docker/cacerts"
+            for cont in $@; do
+                mkdir -p $cont/cacerts
+                echo '+' cp $crts cacerts/README.md $cont/cacerts
+                cp $crts cacerts/README.md $cont/cacerts
+            done
+        }
+    }
+}
+
 function help {
     helpfile=$OAR_BUILD_DIR/dockbuild_help.txt
     [ -f "$OAR_DOCKER_DIR/dockbuild_help.txt" ] && \