DEVOPS-1897 Docker refactoring
This commit is contained in:
Pavel Zilke
parent
0a3f5eef66
commit
e22f584a2f
13 changed files with 22 additions and 21 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -5,4 +5,3 @@ CMakeFiles/
|
|||
CMakeLists.txt.user
|
||||
src/config.h
|
||||
src/version.h
|
||||
|
||||
|
|
|
|||
|
|
@ -51,18 +51,15 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
|
|||
|
||||
EXPOSE 9009
|
||||
|
||||
ARG ESIA_CA_CERT=test_ca_rtk3.cer
|
||||
COPY conf/${ESIA_CA_CERT} ${ESIA_CA_CERT}
|
||||
RUN /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file "${ESIA_CA_CERT}"
|
||||
COPY --chown=ervu:ervu conf/cacerts /cacerts
|
||||
COPY --chown=ervu:ervu conf/certs /certs
|
||||
|
||||
RUN echo "Installing CA certificates" \
|
||||
&& find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mCA -file {} \;
|
||||
|
||||
USER ervu
|
||||
|
||||
ARG ESIA_CERT="TESIA GOST 2012 new.cer"
|
||||
ARG ESIA_CA_CRL=b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
|
||||
COPY --chown=ervu:ervu conf/${ESIA_CERT} ${ESIA_CERT}
|
||||
COPY --chown=ervu:ervu conf/${ESIA_CA_CRL} ${ESIA_CA_CRL}
|
||||
|
||||
RUN /opt/cprocsp/bin/amd64/certmgr -install -file "${ESIA_CERT}" \
|
||||
&& /opt/cprocsp/bin/amd64/certmgr -install -store uCA -crl -file "${ESIA_CA_CRL}"
|
||||
RUN echo "Installing certificates" \
|
||||
&& find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
|
|
|||
Binary file not shown.
1
conf/cacerts/README
Normal file
1
conf/cacerts/README
Normal file
|
|
@ -0,0 +1 @@
|
|||
В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt
|
||||
BIN
conf/cacerts/guc2022.crt
Normal file
BIN
conf/cacerts/guc2022.crt
Normal file
Binary file not shown.
BIN
conf/cacerts/ucfk_2023.crt
Normal file
BIN
conf/cacerts/ucfk_2023.crt
Normal file
Binary file not shown.
1
conf/certs/README
Normal file
1
conf/certs/README
Normal file
|
|
@ -0,0 +1 @@
|
|||
В данном каталоге должны находится файлы сертификатов с расширением .cer или .crt
|
||||
BIN
conf/certs/esia_prod.cer
Normal file
BIN
conf/certs/esia_prod.cer
Normal file
Binary file not shown.
|
|
@ -1,16 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ! -d /var/opt/cprocsp/keys/ervu ];
|
||||
then mkdir -m 700 /var/opt/cprocsp/keys/ervu
|
||||
cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
|
||||
chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
|
||||
username=$(whoami)
|
||||
|
||||
if [ ! -d /var/opt/cprocsp/keys/$username ]; then
|
||||
mkdir -m 700 /var/opt/cprocsp/keys/$username
|
||||
cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
|
||||
chown -R $username:$username /var/opt/cprocsp/keys/$username
|
||||
fi
|
||||
|
||||
/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
|
||||
|
||||
set +e
|
||||
cd /home/ervu/cacerts
|
||||
echo o | /opt/cprocsp/bin/amd64/certmgr -install -store uRoot -file test_ca_2014.crt
|
||||
set -e
|
||||
echo "Installing CA certificates"
|
||||
find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
|
||||
|
||||
echo "Installing certificates" \
|
||||
find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
|
||||
|
||||
/opt/ervu-sign-module/ervu-sign-module
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue