diff --git a/.gitignore b/.gitignore
index bc7f707..54be822 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,3 @@ CMakeFiles/
 CMakeLists.txt.user
 src/config.h
 src/version.h
-
diff --git a/Dockerfile.micord b/Dockerfile.micord
index 06ebcb9..21db8b2 100644
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@@ -51,18 +51,15 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 EXPOSE 9009
-ARG ESIA_CA_CERT=test_ca_rtk3.cer
-COPY conf/${ESIA_CA_CERT} ${ESIA_CA_CERT}
-RUN /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file "${ESIA_CA_CERT}"
+COPY --chown=ervu:ervu conf/cacerts /cacerts
+COPY --chown=ervu:ervu conf/certs /certs
+
+RUN echo "Installing CA certificates" \
+ && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mCA -file {} \;
 USER ervu
-ARG ESIA_CERT="TESIA GOST 2012 new.cer"
-ARG ESIA_CA_CRL=b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
-COPY --chown=ervu:ervu conf/${ESIA_CERT} ${ESIA_CERT}
-COPY --chown=ervu:ervu conf/${ESIA_CA_CRL} ${ESIA_CA_CRL}
-
-RUN /opt/cprocsp/bin/amd64/certmgr -install -file "${ESIA_CERT}" \
- && /opt/cprocsp/bin/amd64/certmgr -install -store uCA -crl -file "${ESIA_CA_CRL}"
+RUN echo "Installing certificates" \
+ && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl b/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
deleted file mode 100644
index 51ebdaa..0000000
Binary files a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl and /dev/null differ
diff --git a/conf/cacerts/README b/conf/cacerts/README
new file mode 100644
index 0000000..e4788a9
--- /dev/null
+++ b/conf/cacerts/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt
\ No newline at end of file
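Review bot: Both `find … -exec certmgr -install` steps install every `.cer`/`.crt` file found under `conf/cacerts` and `conf/certs`, and this commit places `test_ca_rtk3.crt` and `esia_test.cer` in the same directories as `guc2022.crt`, `ucfk_2023.crt` and `esia_prod.cer`, so every image, including one built for production, gets the test CA and the test ESIA certificate installed next to the production ones. The removed `ARG ESIA_CA_CERT` / `ARG ESIA_CERT` let a build select one set; a per-environment subdirectory chosen by a build argument, e.g. `COPY --chown=ervu:ervu conf/cacerts/${CERT_ENV} /cacerts`, would keep that separation. The CA files also move from `-store mRoot` to `-store mCA`, and the `-crl` install is dropped with no replacement, so it is worth confirming that chain building still anchors on the intended roots and that revocation is still checked. Finally, `find -exec … \;` exits 0 even when `certmgr` fails, so a certificate that does not install no longer fails the build as the old `RUN certmgr …` lines did.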
diff --git a/conf/cacerts/guc2022.crt b/conf/cacerts/guc2022.crt
new file mode 100644
index 0000000..fd20eb4
Binary files /dev/null and b/conf/cacerts/guc2022.crt differ
diff --git a/conf/test_ca_rtk3.cer b/conf/cacerts/test_ca_rtk3.crt
similarity index 100%
rename from conf/test_ca_rtk3.cer
rename to conf/cacerts/test_ca_rtk3.crt
diff --git a/conf/cacerts/ucfk_2023.crt b/conf/cacerts/ucfk_2023.crt
new file mode 100644
index 0000000..daef016
Binary files /dev/null and b/conf/cacerts/ucfk_2023.crt differ
diff --git a/conf/certs/README b/conf/certs/README
new file mode 100644
index 0000000..627bc80
--- /dev/null
+++ b/conf/certs/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы сертификатов с расширением .cer или .crt
diff --git a/conf/certs/esia_prod.cer b/conf/certs/esia_prod.cer
new file mode 100644
index 0000000..056011b
Binary files /dev/null and b/conf/certs/esia_prod.cer differ
diff --git a/conf/TESIA GOST 2012 new.cer b/conf/certs/esia_test.cer
similarity index 100%
rename from conf/TESIA GOST 2012 new.cer
rename to conf/certs/esia_test.cer
diff --git a/entrypoint.sh b/entrypoint.sh
index ca327f4..dd2c6eb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,16 +1,19 @@
 #!/bin/bash
-if [ ! -d /var/opt/cprocsp/keys/ervu ];
- then mkdir -m 700 /var/opt/cprocsp/keys/ervu
- cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
- chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
+username=$(whoami)
+
+if [ ! -d /var/opt/cprocsp/keys/$username ]; then
+ mkdir -m 700 /var/opt/cprocsp/keys/$username
+ cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+ chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi
 /opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
-set +e
-cd /home/ervu/cacerts
-echo o | /opt/cprocsp/bin/amd64/certmgr -install -store uRoot -file test_ca_2014.crt
-set -e
+echo "Installing CA certificates"
+find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+
+echo "Installing certificates" \
+find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 /opt/ervu-sign-module/ervu-sign-module
diff --git a/ervu-sign-module.service b/ervu-sign-module.service
index c5b4815..6a5b68b 100644
--- a/ervu-sign-module.service
+++ b/ervu-sign-module.service
@@ -8,4 +8,4 @@ StandardError=journal
 User=ervu
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
diff --git a/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt b/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt
index 31e3aa0..a6ffb4d 100644
--- a/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt
+++ b/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt
@@ -37,4 +37,4 @@ systemctl start ervu-sign-module
 ```
 Статус-код ответа должен быть равен 200 OK.
-В ответе должна быть возвращена строчка "1.2.0".
\ No newline at end of file
+В ответе должна быть возвращена строчка "1.2.0".
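Review bot: The trailing backslash on `echo "Installing certificates" \` joins the following `find ~/certs …` line to the `echo`, so the command text is printed and no certificate from `~/certs` is installed; drop the backslash (`echo "Installing certificates"`) or add `&&` before `find` as the Dockerfile does. Nothing in the hunk enables `set -e`, and `find -exec … \;` returns 0 whatever `certmgr` returns, so `ervu-sign-module` is started even when the key copy or a certificate install failed; consider `set -euo pipefail` near the top and checking the install results. `$username` is unquoted in the `mkdir`, `cp` and `chown` paths, where `"/var/opt/cprocsp/keys/$username"` would be safer. The CA install also changes from `-store uRoot` to `-store uCA`, so confirm that roots placed in `~/cacerts` are still treated as trust anchors.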