diff --git a/Dockerfile.micord b/Dockerfile.micord
index 06ebcb9..7a0be8d 100644
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@@ -14,7 +14,8 @@ RUN apt-get update \
 make \
 gcc \
 gcc10 \
- libjson-glib libjson-glib-devel
+ libjson-glib libjson-glib-devel \
+ libuuid libuuid-devel
 WORKDIR /build
 COPY src src
@@ -33,7 +34,7 @@ ENV TZ=Europe/Moscow
 COPY entrypoint.sh /entrypoint.sh
 RUN apt-get update \
- && apt-get -y install glib2 libfcgi libjson-glib \
+ && apt-get -y install glib2 libfcgi libjson-glib libuuid \
 && apt-get clean \
 && rm -f /var/cache/apt/*.bin \
 && rm -f /var/lib/apt/lists/update* \
@@ -51,18 +52,15 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 EXPOSE 9009
-ARG ESIA_CA_CERT=test_ca_rtk3.cer
-COPY conf/${ESIA_CA_CERT} ${ESIA_CA_CERT}
-RUN /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file "${ESIA_CA_CERT}"
+COPY --chown=ervu:ervu conf/cacerts /cacerts
+COPY --chown=ervu:ervu conf/certs /certs
+
+RUN echo "Installing CA certificates" \
+ && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mCA -file {} \;
 USER ervu
-ARG ESIA_CERT="TESIA GOST 2012 new.cer"
-ARG ESIA_CA_CRL=b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
-COPY --chown=ervu:ervu conf/${ESIA_CERT} ${ESIA_CERT}
-COPY --chown=ervu:ervu conf/${ESIA_CA_CRL} ${ESIA_CA_CRL}
-
-RUN /opt/cprocsp/bin/amd64/certmgr -install -file "${ESIA_CERT}" \
- && /opt/cprocsp/bin/amd64/certmgr -install -store uCA -crl -file "${ESIA_CA_CRL}"
+RUN echo "Installing certificates" \
+ && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl b/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
deleted file mode 100644
index 51ebdaa..0000000
Binary files a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl and /dev/null differ
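Review bot: Test CA certificates end up in the stores of every image built from Dockerfile.micord, because the two `find … -exec certmgr -install` steps in the last hunk install every `.cer`/`.crt` under `/cacerts` and `/certs`, and this commit places `test-crypto-pro-ca.crt`, `test_ca_rtk3.crt`, `MNSV90-test.cer` and `esia_test.cer` in the same directories as `guc2022.crt`, `ucfk_2023.crt` and `esia_prod.cer`. The removed `ARG ESIA_CA_CERT` / `ARG ESIA_CERT` let a build pick one set; keeping a build argument that selects which set is copied would preserve that separation between test and production trust. `find -exec … \;` also does not pass a non-zero exit status from `certmgr` back to `RUN`, so a failed install, or a directory with no matching file, no longer fails the build as the old direct `RUN certmgr -install` did; a shell loop that stops on the first failure would restore that, and the same applies to the `find` calls added in entrypoint.sh. The hunk also removes the `-crl` install into `uCA` with no replacement, so it is worth confirming how revocation is checked for these certificates.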
diff --git a/conf/cacerts/README b/conf/cacerts/README
new file mode 100644
index 0000000..e4788a9
--- /dev/null
+++ b/conf/cacerts/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt
\ No newline at end of file
diff --git a/conf/cacerts/guc2022.crt b/conf/cacerts/guc2022.crt
new file mode 100644
index 0000000..fd20eb4
Binary files /dev/null and b/conf/cacerts/guc2022.crt differ
diff --git a/conf/cacerts/test-crypto-pro-ca.crt b/conf/cacerts/test-crypto-pro-ca.crt
new file mode 100644
index 0000000..9e00826
Binary files /dev/null and b/conf/cacerts/test-crypto-pro-ca.crt differ
diff --git a/conf/test_ca_rtk3.cer b/conf/cacerts/test_ca_rtk3.crt
similarity index 100%
rename from conf/test_ca_rtk3.cer
rename to conf/cacerts/test_ca_rtk3.crt
diff --git a/conf/cacerts/ucfk_2023.crt b/conf/cacerts/ucfk_2023.crt
new file mode 100644
index 0000000..daef016
Binary files /dev/null and b/conf/cacerts/ucfk_2023.crt differ
diff --git a/conf/certs/MNSV90-test.cer b/conf/certs/MNSV90-test.cer
new file mode 100644
index 0000000..19ee8bb
Binary files /dev/null and b/conf/certs/MNSV90-test.cer differ
diff --git a/conf/certs/README b/conf/certs/README
new file mode 100644
index 0000000..627bc80
--- /dev/null
+++ b/conf/certs/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы сертификатов с расширением .cer или .crt
diff --git a/conf/certs/esia_prod.cer b/conf/certs/esia_prod.cer
new file mode 100644
index 0000000..056011b
Binary files /dev/null and b/conf/certs/esia_prod.cer differ
diff --git a/conf/TESIA GOST 2012 new.cer b/conf/certs/esia_test.cer
similarity index 100%
rename from conf/TESIA GOST 2012 new.cer
rename to conf/certs/esia_test.cer
diff --git a/entrypoint.sh b/entrypoint.sh
index ca327f4..dd2c6eb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,16 +1,19 @@
 #!/bin/bash
-if [ ! -d /var/opt/cprocsp/keys/ervu ];
- then mkdir -m 700 /var/opt/cprocsp/keys/ervu
- cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
- chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
+username=$(whoami)
+
+if [ ! -d /var/opt/cprocsp/keys/$username ]; then
+ mkdir -m 700 /var/opt/cprocsp/keys/$username
+ cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+ chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi
 /opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
-set +e
-cd /home/ervu/cacerts
-echo o | /opt/cprocsp/bin/amd64/certmgr -install -store uRoot -file test_ca_2014.crt
-set -e
+echo "Installing CA certificates"
+find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+
+echo "Installing certificates" \
+find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 /opt/ervu-sign-module/ervu-sign-module
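Review bot: The trailing backslash in `echo "Installing certificates" \` joins the following `find ~/certs …` line onto the `echo`, so that command is only printed and no certificate from `~/certs` is installed at container start. Remove the backslash so the two are separate commands, as in the CA block just above it: `echo "Installing certificates"`. `$username` is also unquoted in the `mkdir`, `cp` and `chown` paths; writing `"$username"` there avoids word splitting if the account name ever contains unexpected characters.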