build attempt behind firewall #2297

Closed
gpettey-ercot opened this issue Feb 20, 2025 · 2 comments

@gpettey-ercot

I am attempting to build yq behind a firewall that intercepts SSL/TLS. I have customized Dockerfile.dev a bit, adding the replacement SSL/TLS certificates to the OpenSSL system trust store, and verified they are trusted, but the step that runs the container fails. I'm guessing "go mod" is not respecting the openssl settings of the system. How do I change that?

[2/2] STEP 4/8: COPY scripts/devtools.sh /opt/devtools.sh
--> 421047e6a97b
[2/2] STEP 5/8: RUN set -e -x &&     /opt/devtools.sh
+ /opt/devtools.sh
+ go mod download golang.org/x/tools@latest
go: module golang.org/x/tools: Get "https://proxy.golang.org/golang.org/x/tools/@v/list": tls: failed to verify certificate: x509: certificate signed by unknown authority
Error: building at STEP "RUN set -e -x &&     /opt/devtools.sh": while running runtime: exit status 1
make: *** [Makefile:47: tmp/dev_image_id] Error 1

gpettey-ercot commented Feb 26, 2025

Added both openssl s_client and curl commands to proxy.golang.org (https and port 443) to Dockerfile.dev; both are successful and treat the interception certificate as valid. Only go mod download is effed.

Tried adding ENV SSL_CERT_DIR=/etc/ssl/certs/ and ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt, and both of them, but none of the three changed the go mod download failure.

@gpettey-ercot

PEBKAC. Certificates included "TRUSTED" in the PEM header and go mod apparently did not like that.

gpettey-ercot closed this as not planned Feb 26, 2025
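
Added example (not part of the issue and not yq's code): a Go check that reports which blocks in a PEM bundle Go's `crypto/x509` pool refuses to load, which is the failure the final comment describes for the `TRUSTED` label. The helper names and the throwaway CA are constructed for illustration; a real OpenSSL `TRUSTED CERTIFICATE` block can also carry trust settings after the certificate, which the sample does not reproduce.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// unloadableBlocks (hypothetical helper) lists the PEM labels in bundle that
// Go's x509.CertPool will not load: wrong label, PEM headers, or bad DER.
func unloadableBlocks(bundle []byte) []string {
	var bad []string
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		// Feed each block to a fresh pool so the result is per block.
		if !x509.NewCertPool().AppendCertsFromPEM(pem.EncodeToMemory(b)) {
			bad = append(bad, b.Type)
		}
	}
	return bad
}

// samplePEM builds a constructed, throwaway self-signed CA under the given label.
func samplePEM(label string) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: label, Bytes: der})
}

func main() {
	bundle := append(samplePEM("CERTIFICATE"), samplePEM("TRUSTED CERTIFICATE")...)
	fmt.Println("skipped by Go:", unloadableBlocks(bundle))
}
```

Re-exporting the CA with `openssl x509 -in <file> -out <file>` (without `-trustout`) writes a plain `CERTIFICATE` block; the file names here are placeholders.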