fix

2025-01-20 12:20:01 +03:00 · 2025-01-20 12:20:01 +03:00 · db08da6a83
commit db08da6a83
parent 415beb65d0
12 changed files with 23 additions and 20 deletions
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@ -14,7 +14,8 @@ RUN apt-get update \
       make \
       gcc \
       gcc10 \
-       libjson-glib libjson-glib-devel
+       libjson-glib libjson-glib-devel \
+       libuuid libuuid-devel

 WORKDIR /build
 COPY src src
@ -33,7 +34,7 @@ ENV TZ=Europe/Moscow
 COPY entrypoint.sh /entrypoint.sh

 RUN apt-get update \
- && apt-get -y install glib2 libfcgi libjson-glib \
+ && apt-get -y install glib2 libfcgi libjson-glib libuuid \
 && apt-get clean \
 && rm -f /var/cache/apt/*.bin \
 && rm -f /var/lib/apt/lists/update* \
@ -51,18 +52,15 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si

 EXPOSE 9009

-ARG ESIA_CA_CERT=test_ca_rtk3.cer
-COPY conf/${ESIA_CA_CERT} ${ESIA_CA_CERT} 
-RUN /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file "${ESIA_CA_CERT}"
+COPY --chown=ervu:ervu conf/cacerts /cacerts
+COPY --chown=ervu:ervu conf/certs /certs
+
+RUN echo "Installing CA certificates" \
+ && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mCA -file {} \;

 USER ervu

-ARG ESIA_CERT="TESIA GOST 2012 new.cer"
-ARG ESIA_CA_CRL=b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
-COPY --chown=ervu:ervu conf/${ESIA_CERT} ${ESIA_CERT} 
-COPY --chown=ervu:ervu conf/${ESIA_CA_CRL} ${ESIA_CA_CRL} 
-
-RUN /opt/cprocsp/bin/amd64/certmgr -install -file "${ESIA_CERT}" \
-  && /opt/cprocsp/bin/amd64/certmgr -install -store uCA -crl -file "${ESIA_CA_CRL}"
+RUN echo "Installing certificates" \
+ && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;

 ENTRYPOINT ["/entrypoint.sh"]
--- a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
+++ b/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
--- a/conf/cacerts/README
+++ b/conf/cacerts/README
@ -0,0 +1 @@
+В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt
--- a/conf/cacerts/guc2022.crt
+++ b/conf/cacerts/guc2022.crt
--- a/conf/cacerts/test-crypto-pro-ca.crt
+++ b/conf/cacerts/test-crypto-pro-ca.crt
--- a/conf/cacerts/test_ca_rtk3.crt
+++ b/conf/cacerts/test_ca_rtk3.crt
--- a/conf/cacerts/ucfk_2023.crt
+++ b/conf/cacerts/ucfk_2023.crt
--- a/conf/certs/MNSV90-test.cer
+++ b/conf/certs/MNSV90-test.cer
--- a/conf/certs/README
+++ b/conf/certs/README
@ -0,0 +1 @@
+В данном каталоге должны находится файлы сертификатов с расширением .cer или .crt
--- a/conf/certs/esia_prod.cer
+++ b/conf/certs/esia_prod.cer
--- a/conf/certs/esia_test.cer
+++ b/conf/certs/esia_test.cer
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,16 +1,19 @@
 #!/bin/bash

-if [ ! -d /var/opt/cprocsp/keys/ervu ];
-  then mkdir -m 700 /var/opt/cprocsp/keys/ervu
-  cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
-  chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
+username=$(whoami)
+
+if [ ! -d /var/opt/cprocsp/keys/$username ]; then
+  mkdir -m 700 /var/opt/cprocsp/keys/$username
+  cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+  chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi

 /opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov

-set +e
-cd /home/ervu/cacerts
-echo o | /opt/cprocsp/bin/amd64/certmgr -install -store uRoot -file test_ca_2014.crt
-set -e
+echo "Installing CA certificates"
+find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+
+echo "Installing certificates" \
+find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;

 /opt/ervu-sign-module/ervu-sign-module
				`@ -0,0 +1 @@`
				`В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt`