DEVOPS-1922

Dockerfile.micord

@@ -1,5 +1,6 @@
 ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp-kc2:c10f1-5.0.13000-20250124
 ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_USER=ervu
 
 FROM ${BUILDER_IMAGE} AS builder
 
@@ -30,17 +31,19 @@ RUN mkdir -p .build \
 FROM ${RUNTIME_IMAGE}
 
 ENV TZ=Europe/Moscow
+ARG RUNTIME_USER
+ENV RUNTIME_USER=$RUNTIME_USER
 
 COPY entrypoint.sh /entrypoint.sh
 
 RUN apt-get update \
- && apt-get -y install glib2 libfcgi libjson-glib libuuid \
+ && apt-get -y install glib2 libfcgi libjson-glib libuuid su startup \
  && apt-get clean \
  && rm -f /var/cache/apt/*.bin \
  && rm -f /var/lib/apt/lists/update* \
  && chmod +x /entrypoint.sh \
- && groupadd --system --gid 500 ervu \
- && adduser --system --no-create-home --uid 500 --gid 500 ervu
+ && groupadd --system --gid 500 $RUNTIME_USER \
+ && adduser --system --no-create-home --uid 500 --gid 500 $RUNTIME_USER
 
 COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
 COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
@@ -52,15 +55,18 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 
 EXPOSE 9009
 
-COPY --chown=ervu:ervu conf/cacerts /cacerts
-COPY --chown=ervu:ervu conf/certs /certs
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/cacerts /cacerts
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/certs /certs
+
 
 RUN echo "Installing CA certificates" \
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
  && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file {} \;
 
-USER ervu
-
 RUN echo "Installing certificates" \
- && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
+ && su -c 'find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER
+
+#USER ervu
 
 ENTRYPOINT ["/entrypoint.sh"]