ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp-kc2:c10f1-5.0.13000-20250124
ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
ARG RUNTIME_USER=ervu

FROM ${BUILDER_IMAGE} AS builder

RUN apt-get update \
 && apt-get -y install \
       crontabs \
       glibc-locales \
       unzip \
       glib2-devel \
       libfcgi-devel \
       cmake \
       make \
       gcc \
       gcc10 \
       libjson-glib libjson-glib-devel \
       libuuid libuuid-devel

WORKDIR /build
COPY src src
COPY CMakeLists.txt CMakeLists.txt

RUN mkdir -p .build \
 && cd .build \
 && cmake .. \
 && make -j4


FROM ${RUNTIME_IMAGE}

ENV TZ=Europe/Moscow
ARG RUNTIME_USER
ENV RUNTIME_USER=$RUNTIME_USER

COPY entrypoint.sh /entrypoint.sh

RUN apt-get update \
 && apt-get -y install glib2 libfcgi libjson-glib libuuid su startup \
 && apt-get clean \
 && rm -f /var/cache/apt/*.bin \
 && rm -f /var/lib/apt/lists/update* \
 && chmod +x /entrypoint.sh \
 && groupadd --system --gid 500 $RUNTIME_USER \
 && adduser --system --no-create-home --uid 500 --gid 500 $RUNTIME_USER

COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
COPY --from=builder /opt/cprocsp /opt/cprocsp
COPY --from=builder /var/opt/cprocsp /var/opt/cprocsp
COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-sign-module

#VOLUME /var/opt/cprocsp/keys/ervu/7h96bfno.000

EXPOSE 9009

COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/cacerts /cacerts
COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/certs /certs


RUN echo "Installing CA certificates" \
 && /opt/cprocsp/sbin/amd64/cryptsrv \
 && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file {} \;

RUN echo "Installing certificates" \
 && /opt/cprocsp/sbin/amd64/cryptsrv \
 && su -c 'find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER

ENTRYPOINT ["/entrypoint.sh"]