Build in docker

.gitignore

@@ -1,3 +1,6 @@
+7h96bfno.000/
+linux-amd64.tgz
+conf/ervu-sign-module.conf
 CMakeFiles/
 CMakeLists.txt.user
 src/config.h

CMakeLists.txt

@@ -65,6 +65,7 @@ MESSAGE ("")
 CONFIGURE_FILE (${SOURCE_DIR}/config.h.in ${SOURCE_DIR}/config.h)
 
 SET (CRYPTOPRO_INCLUDE_DIRS
+    /opt/cprocsp/include
     /opt/cprocsp/include/cpcsp
     /opt/cprocsp/include/pki
 )

Dockerfile.micord

@@ -0,0 +1,55 @@
+ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp:c10f1-5.0.13000-20240827
+ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+
+FROM ${BUILDER_IMAGE} AS builder
+
+RUN apt-get update \
+ && apt-get -y install \
+       crontabs \
+       glibc-locales \
+       unzip \
+       glib2-devel \
+       libfcgi-devel \
+       cmake \
+       make \
+       gcc \
+       gcc10
+
+WORKDIR /build
+COPY src src
+COPY CMakeLists.txt CMakeLists.txt
+
+RUN mkdir -p .build \
+ && cd .build \
+ && cmake .. \
+ && make -j4
+
+
+FROM ${RUNTIME_IMAGE}
+
+ENV TZ=Europe/Moscow
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN apt-get update \
+ && apt-get -y install glib2 libfcgi \
+ && apt-get clean \
+ && rm -f /var/cache/apt/*.bin \
+ && rm -f /var/lib/apt/lists/update* \
+ && chmod +x /entrypoint.sh \
+ && groupadd --system --gid 500 ervu \
+ && adduser --system --no-create-home --uid 500 --gid 500 ervu
+
+COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
+COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
+COPY --from=builder /opt/cprocsp /opt/cprocsp
+COPY --from=builder /var/opt/cprocsp /var/opt/cprocsp
+COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-sign-module
+
+#VOLUME /var/opt/cprocsp/keys/ervu/7h96bfno.000
+
+EXPOSE 9009
+
+USER ervu
+
+ENTRYPOINT ["/entrypoint.sh"]

conf/ervu-sign-module.conf.example

@@ -3,12 +3,11 @@
 
 [fcgi]
 fcgi_listen_port = 9009
-#fcgi_listen_host = 127.0.0.1
+fcgi_listen_host = 127.0.0.1
 #fcgi_thread_pool_size = 1
 
 [sign]
 #location = /sign
-cp_file = libcapi20.so
+cp_file = /opt/cprocsp/lib/amd64/libcapi20.so
 signer_subject = signer@example.ru
 pin = ****
-

conf/nginx-docker.conf

@@ -0,0 +1,9 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    location = /sign {
+	fastcgi_pass  ervu-sign-module:9009;
+	include fastcgi_params;
+    }
+}

conf/nginx.conf

@@ -0,0 +1,43 @@
+# load dynamic nginx modules
+include /etc/nginx/modules-enabled.d/*.conf;
+
+# see http://nginx.net for info & docs
+
+worker_processes  10;
+
+error_log   /var/log/nginx/error.log;
+
+events {
+	worker_connections  1024;
+}
+
+include /etc/nginx/conf-enabled.d/*.conf;
+
+http {
+	proxy_temp_path /var/spool/nginx/tmp/proxy;
+	fastcgi_temp_path /var/spool/nginx/tmp/fastcgi;
+	client_body_temp_path /var/spool/nginx/tmp/client;
+
+	include       /etc/nginx/mime.types;
+	default_type  application/octet-stream;
+
+	sendfile  on;
+	
+	gzip  on;
+
+	# text/html doesn't need to be defined there, it's compressed always
+	gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
+
+	# gzip_comp_level 9;
+	include /etc/nginx/sites-enabled.d/*.conf;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+		location = /sign {
+			fastcgi_pass  localhost:9009;
+			include fastcgi_params;
+		}
+	}
+}

docker-compose.yaml

@@ -0,0 +1,16 @@
+services:
+  ervu-sign-module:
+    build:
+      context: .
+      dockerfile: Dockerfile.micord
+    volumes:
+      - ./7h96bfno.000:/home/ervu/keys/7h96bfno.000
+      - ./conf/ervu-sign-module.conf:/etc/ervu-sign-module.conf
+  nginx:
+    image: nginx:latest
+    links:
+      - ervu-sign-module
+    ports:
+      - "28080:80"
+    volumes:
+      - ./conf/nginx-docker.conf:/etc/nginx/conf.d/default.conf

entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ! -d /var/opt/cprocsp/keys/ervu ];
+  then mkdir -m 700 /var/opt/cprocsp/keys/ervu
+  cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
+  chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
+fi
+
+/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
+/opt/ervu-sign-module/ervu-sign-module