Merge branch 'feature/DEVOPS-1922_added_KC2' into develop

Dockerfile.micord

@@ -1,5 +1,6 @@
-ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp:c10f1-5.0.13000-20241129
+ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp-kc2:c10f1-5.0.13000-20250124
 ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_USER=ervu
 
 FROM ${BUILDER_IMAGE} AS builder
 
@@ -30,17 +31,19 @@ RUN mkdir -p .build \
 FROM ${RUNTIME_IMAGE}
 
 ENV TZ=Europe/Moscow
+ARG RUNTIME_USER
+ENV RUNTIME_USER=$RUNTIME_USER
 
 COPY entrypoint.sh /entrypoint.sh
 
 RUN apt-get update \
- && apt-get -y install glib2 libfcgi libjson-glib libuuid \
+ && apt-get -y install glib2 libfcgi libjson-glib libuuid su startup \
  && apt-get clean \
  && rm -f /var/cache/apt/*.bin \
  && rm -f /var/lib/apt/lists/update* \
  && chmod +x /entrypoint.sh \
- && groupadd --system --gid 500 ervu \
+ && groupadd --system --gid 500 $RUNTIME_USER \
- && adduser --system --no-create-home --uid 500 --gid 500 ervu
+ && adduser --system --no-create-home --uid 500 --gid 500 $RUNTIME_USER
 
 COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
 COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
@@ -52,15 +55,18 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 
 EXPOSE 9009
 
-COPY --chown=ervu:ervu conf/cacerts /cacerts
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/cacerts /cacerts
-COPY --chown=ervu:ervu conf/certs /certs
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/certs /certs
+
 
 RUN echo "Installing CA certificates" \
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
  && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file {} \;
 
-USER ervu
-
 RUN echo "Installing certificates" \
- && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
+ && su -c 'find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER
+
+#USER ervu
 
 ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh

@@ -1,19 +1,25 @@
 #!/bin/bash
 
-username=$(whoami)
+username=$RUNTIME_USER
+
+set -e
+echo "Starting cryptsrv"
+/opt/cprocsp/sbin/amd64/cryptsrv
+echo $?
+set +e
 
 if [ ! -d /var/opt/cprocsp/keys/$username ]; then
   mkdir -m 700 /var/opt/cprocsp/keys/$username
-  cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+  cp -r /home/$username/keys/* /var/opt/cprocsp/keys/$username/
   chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi
 
-/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
+su - -c '/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov' $username
 
 echo "Installing CA certificates"
-find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+su - -c 'find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;' $username
 
-echo "Installing certificates" \
+echo "Installing certificates"
-find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
+su - -c 'find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $username
 
-/opt/ervu-sign-module/ervu-sign-module
+su - -c '/opt/ervu-sign-module/ervu-sign-module' $username