From b27636998d9aa0208231a79d3207d7ae29047192 Mon Sep 17 00:00:00 2001 From: Jason Simeone Date: Wed, 21 Oct 2020 13:31:16 -0400 Subject: [PATCH] docker: Updated init script to load the host's root CAs into the container --- Makefile | 20 ++++++++++++++++++++ docker-compose.yml | 2 ++ 2 files changed, 22 insertions(+) diff --git a/Makefile b/Makefile index 643ccca8d..fe61cc8c7 100644 --- a/Makefile +++ b/Makefile @@ -85,6 +85,7 @@ init-remote: echo "$$ACTIVATE_TEMPLATE" >./bin/activate echo "$$RSH_TEMPLATE" >./bin/rsh chmod a+x ./bin/rsh + ${MAKE} init-remote-${DEVMODE} ${MAKE} sync-once bin/sync ${RSH} sh -ce "echo local > .devmode" ${RSH} make init-env @@ -94,6 +95,25 @@ init-remote: .PHONY: init-remote +init-remote-local: +.PHONY: init-remote-local + +init-remote-docker: + HOST_CERTS=/tmp/host_certificates.pem; \ + case "`uname -s`" in \ + Linux) cp /etc/ssl/certs/ca-certificates.crt $$HOST_CERTS;; \ + Darwin) security find-certificate -a -p /Library/Keychains/System.keychain > $$HOST_CERTS;; \ + *) touch $$HOST_CERTS;; \ + esac; \ + docker cp $$HOST_CERTS `docker-compose ps -q develop`:/tmp/host_certificates.pem + ${RSH} csplit --quiet --prefix=/usr/local/share/ca-certificates/host_certificate_ --suffix='%02d.crt' --elide-empty-files /tmp/host_certificates.pem '/-----BEGIN CERTIFICATE-----/' '{*}' + ${RSH} update-ca-certificates +.PHONY: init-remote-docker + +init-remote-kube: +.PHONY: init-remote-kube + + # Create the environment and install development tools. init-env: python3 -m venv ${CURDIR} diff --git a/docker-compose.yml b/docker-compose.yml index 468b0ddeb..e621cab01 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,6 +39,8 @@ services: - npm_config_cache=/cache/npm - YARN_CACHE_FOLDER=/cache/yarn - PIP_CACHE_DIR=/cache/pip + - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt + - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt cap_add: - NET_ADMIN sysctls: