Embed Mozilla's Root CA set for use in Docker environments without CA files.

Thanks to Adam Langley and Kelsey Hightower for pointers:

https://github.com/kelseyhightower/contributors/blob/master/certs.go
https://medium.com/@kelseyhightower/optimizing-docker-images-for-static-binaries-b5696e26eb07
https://github.com/agl/extract-nss-root-certs

Change-Id: I440cedf476446da852c409958a877fbcdb464340

pkg/httputil/certs_test.go

@@ -0,0 +1,23 @@
+/*
+Copyright 2014 The Camlistore Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package httputil
+
+import "testing"
+
+func TestSystemCARootsAvailable(t *testing.T) {
+	t.Logf("Roots available = %v", SystemCARootsAvailable())
+}

server/camlistored/camlistored.go

@@ -41,6 +41,7 @@ import (
 	"time"
 
 	"camlistore.org/pkg/buildinfo"
+	"camlistore.org/pkg/httputil"
 	"camlistore.org/pkg/legal/legalprint"
 	"camlistore.org/pkg/misc"
 	"camlistore.org/pkg/netutil"
@@ -386,6 +387,13 @@ func Main(up chan<- struct{}, down <-chan struct{}) {
 	shutdownc := make(chan io.Closer, 1) // receives io.Closer to cleanly shut down
 	go handleSignals(shutdownc)
 
+	// In case we're running in a Docker container with no
+	// filesytem from which to load the root CAs, this
+	// conditionally installs a static set if necessary. We do
+	// this before we load the config file, which might come from
+	// an https URL.
+	httputil.InstallCerts()
+
 	config, isNewConfig, err := loadConfig(*flagConfigFile)
 	if err != nil {
 		exitf("Error loading config file: %v", err)