preBuild hook required in base-image

[ed-randall-blk]

Is your feature request related to a problem? Please describe.
pangeo/base-image Dockerfile contains a number of ONBUILD instructions to help the developer with standard installs of additional packages etc.
Unfortunately, none of these work in certain corporate environments where an SSL inspection proxy is used. We see errors from the ONBUILD steps like:

    RuntimeError: Download error (60) SSL peer certificate or SSH remote key was not OK [https://conda.anaconda.org/conda-forge/noarch/repodata.json]
    SSL certificate problem: self-signed certificate in certificate chain

Describe the solution you'd like
A preBuild step similar to the existing postBuild would be provide a useful point where we could configure the additional certs, proxy environment config, and anything else required before apt-get package installation can succeed.

Describe alternatives you've considered
As a workaround we have to forego the convenience of the provided ONBUILD steps and repeat the same logic in our own Dockerfile which builds FROM pangeo/base-image. We've considered forking pangeo/base-image into our own repo to make these changes possible.

Additional context
Possible code for the preBuild hook (untested):
(Insert at line 117 of https://github.com/pangeo-data/pangeo-docker-images/blob/master/base-image/Dockerfile between existing ONBUILD Checking for binder and Checking for apt.txt )

# If a preBuild file exists, run it
ONBUILD RUN echo "Checking for 'preBuild'..." \
        ; [ -d binder ] && cd binder \
        ; [ -d .binder ] && cd .binder \
        ; if test -f "preBuild" ; then \
        chmod +x preBuild \
        && ./preBuild \
        ; fi

[scottyhq]

pangeo/base-image Dockerfile contains a number of ONBUILD instructions to help the developer with standard installs of additional packages etc. Unfortunately, none of these work in certain corporate environments where an SSL inspection proxy is used.

We've never had a problem with this on JupyterHubs deployed by this project or by 2i2c. So I'm afraid it won't be a priority to add workarounds here, but pinging @consideRatio for awareness.

A preBuild step similar to the existing postBuild would be provide a useful point where we could configure the additional certs, proxy environment config, and anything else required before apt-get package installation can succeed.

Interesting idea, thanks for sharing. We have generally tried to stick to the standard repo2docker definition files https://repo2docker.readthedocs.io/en/latest/config_files.html. But of course one nice aspect of using the pangeo base-image instead of repo2docker's approach of dynamic docker image creation is that you can fork this repository and do all the ONBUILD or other docker command customizations you need!

[ed-randall-blk]

Thankyou for the repo2docker info. It seems that they've never had an issue either, presumably because the standards authors have no experience of dealing with corporate firewalls either. Which is why I raised the issue. I'll go over there and raise the same about a preBuild hook.

The first ONBUILD step which handles apt.txt can never work because there's no way for me to pre-set the proxy env needed. Of course we can fork but that's always the solution of last resort.