diff --git a/.gitignore b/.gitignore index 54be822..911fe8a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ 7h96bfno.000/ linux-amd64.tgz -conf/ervu-sign-module.conf CMakeFiles/ +/conf/keys/ +/conf/ervu-sign-module.conf CMakeLists.txt.user src/config.h src/version.h diff --git a/Dockerfile.micord b/Dockerfile.micord index a3eda9b..d6317c6 100644 --- a/Dockerfile.micord +++ b/Dockerfile.micord @@ -51,20 +51,6 @@ COPY --from=builder /opt/cprocsp /opt/cprocsp COPY --from=builder /var/opt/cprocsp /var/opt/cprocsp COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-sign-module -#VOLUME /var/opt/cprocsp/keys/ervu/7h96bfno.000 - EXPOSE 9009 -COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/cacerts /cacerts -COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/certs /certs - - -RUN echo "Installing CA certificates" \ - && /opt/cprocsp/sbin/amd64/cryptsrv \ - && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file {} \; - -RUN echo "Installing certificates" \ - && /opt/cprocsp/sbin/amd64/cryptsrv \ - && su -c 'find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER - ENTRYPOINT ["/entrypoint.sh"] diff --git a/docker-compose.yaml b/docker-compose.yaml index 8142ad9..0162bfe 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -4,8 +4,10 @@ services: context: . dockerfile: Dockerfile.micord volumes: - - ./7h96bfno.000:/home/ervu/keys/7h96bfno.000 + - ./conf/keys:/home/ervu/keys/ - ./conf/ervu-sign-module.conf:/etc/ervu-sign-module.conf + - ./conf/cacerts:/home/ervu/cacerts + - ./conf/certs:/home/ervu/certs nginx: image: nginx:latest links: diff --git a/entrypoint.sh b/entrypoint.sh index f40af3d..b4a7189 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,5 @@ #!/bin/bash -username=$RUNTIME_USER set -e echo "Starting cryptsrv" 
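Review bot: The three new bind mounts in the `volumes:` list of docker-compose.yaml (`./conf/keys`, `./conf/cacerts`, `./conf/certs`) are read-write by default, although entrypoint.sh only reads them: keys are copied into /var/opt/cprocsp/keys and the certificate files are handed to certmgr. Mounting them read-only, e.g. `- ./conf/keys:/home/ervu/keys/:ro` and likewise for cacerts and certs, keeps a compromised service from altering the host's key containers or certificates. Because this commit drops the build-time CA install from Dockerfile.micord, whatever `.cer`/`.crt` files sit in `./conf/cacerts` at start-up are installed into the uCA store, so that directory's host permissions deserve a comment next to the mount. The targets also hard-code /home/ervu while entrypoint.sh resolves `/home/$RUNTIME_USER` and `~`, so they only line up when RUNTIME_USER is ervu.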
@@ -8,18 +7,18 @@ echo "Starting cryptsrv" echo $? set +e -if [ ! -d /var/opt/cprocsp/keys/$username ]; then - mkdir -m 700 /var/opt/cprocsp/keys/$username - cp -r /home/$username/keys/* /var/opt/cprocsp/keys/$username/ - chown -R $username:$username /var/opt/cprocsp/keys/$username +if [ ! -d /var/opt/cprocsp/keys/$RUNTIME_USER ]; then + mkdir -m 700 /var/opt/cprocsp/keys/$RUNTIME_USER + cp -r /home/$RUNTIME_USER/keys/* /var/opt/cprocsp/keys/$RUNTIME_USER/ + chown -R $RUNTIME_USER:$RUNTIME_USER /var/opt/cprocsp/keys/$RUNTIME_USER fi -su - -c '/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov' $username +su - -c '/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov' $RUNTIME_USER echo "Installing CA certificates" -su - -c 'find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;' $username +su - -c 'find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;' $RUNTIME_USER echo "Installing certificates" -su - -c 'find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $username +su - -c 'find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER -su - -c '/opt/ervu-sign-module/ervu-sign-module' $username +su - -c '/opt/ervu-sign-module/ervu-sign-module' $RUNTIME_USER
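Review bot: With the `username` copy removed, every step in this hunk expands `$RUNTIME_USER` unquoted and nothing checks that it is set at container runtime. If it is empty (for example if Dockerfile.micord declares it only as a build ARG, which is not visible here), the `-d` test points at /var/opt/cprocsp/keys/ itself, so the key copy is probably skipped, and each `su - -c '…'` loses its user argument and runs certmgr and ervu-sign-module as root. I would add `: "${RUNTIME_USER:?RUNTIME_USER must be set}"` before the `if` and quote the expansions, e.g. `su - -c '/opt/ervu-sign-module/ervu-sign-module' "$RUNTIME_USER"`. The script starts before this hunk, so the guard may belong next to `set -e` at the top.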