up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -17,8 +17,6 @@ volumes:
|
||||
advisory-ai-plans:
|
||||
advisory-ai-outputs:
|
||||
postgres-data:
|
||||
wine-csp-prefix:
|
||||
wine-csp-logs:
|
||||
|
||||
services:
|
||||
mongo:
|
||||
@@ -332,42 +330,20 @@ services:
|
||||
- stellaops
|
||||
labels: *release-labels
|
||||
|
||||
# Wine CSP Service - GOST cryptographic operations via Wine-hosted CryptoPro CSP
|
||||
# WARNING: For TEST VECTOR GENERATION ONLY - not for production signing
|
||||
wine-csp:
|
||||
image: registry.stella-ops.org/stellaops/wine-csp:${WINE_CSP_VERSION:-2025.10.0-edge}
|
||||
cryptopro-csp:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: ops/wine-csp/Dockerfile
|
||||
dockerfile: ops/cryptopro/linux-csp-service/Dockerfile
|
||||
args:
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
WINE_CSP_PORT: "${WINE_CSP_PORT:-5099}"
|
||||
WINE_CSP_MODE: "${WINE_CSP_MODE:-limited}"
|
||||
WINE_CSP_INSTALLER_PATH: "${WINE_CSP_INSTALLER_PATH:-/opt/cryptopro/csp-installer.msi}"
|
||||
WINE_CSP_LOG_LEVEL: "${WINE_CSP_LOG_LEVEL:-Information}"
|
||||
ASPNETCORE_ENVIRONMENT: "${ASPNETCORE_ENVIRONMENT:-Development}"
|
||||
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
volumes:
|
||||
- ../../opt/cryptopro/downloads:/opt/cryptopro/downloads:ro
|
||||
- wine-csp-prefix:/home/winecsp/.wine
|
||||
- wine-csp-logs:/var/log/wine-csp
|
||||
# Mount customer-provided CSP installer (optional):
|
||||
# - /path/to/csp-5.0.msi:/opt/cryptopro/csp-installer.msi:ro
|
||||
ports:
|
||||
- "${WINE_CSP_PORT:-5099}:5099"
|
||||
- "${CRYPTOPRO_PORT:-18080}:8080"
|
||||
networks:
|
||||
- stellaops
|
||||
healthcheck:
|
||||
test: ["/usr/local/bin/healthcheck.sh"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
start_period: 90s
|
||||
retries: 3
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 2G
|
||||
labels:
|
||||
<<: *release-labels
|
||||
com.stellaops.component: "wine-csp"
|
||||
com.stellaops.security.production-signing: "false"
|
||||
com.stellaops.security.test-vectors-only: "true"
|
||||
labels: *release-labels
|
||||
|
||||
@@ -73,15 +73,18 @@ services:
|
||||
labels: *release-labels
|
||||
networks: [stellaops]
|
||||
|
||||
# Wine CSP Service - GOST cryptographic operations via Wine-hosted CryptoPro CSP
|
||||
# WARNING: For TEST VECTOR GENERATION ONLY - not for production signing
|
||||
wine-csp:
|
||||
image: registry.stella-ops.org/stellaops/wine-csp:${WINE_CSP_VERSION:-2025.09.2-mock}
|
||||
cryptopro-csp:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: ops/cryptopro/linux-csp-service/Dockerfile
|
||||
args:
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
environment:
|
||||
WINE_CSP_PORT: "5099"
|
||||
WINE_CSP_MODE: "limited"
|
||||
WINE_CSP_LOG_LEVEL: "Debug"
|
||||
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
volumes:
|
||||
- ../../opt/cryptopro/downloads:/opt/cryptopro/downloads:ro
|
||||
ports:
|
||||
- "${CRYPTOPRO_PORT:-18080}:8080"
|
||||
labels: *release-labels
|
||||
networks: [stellaops]
|
||||
|
||||
52
deploy/compose/env/wine-csp.env.example
vendored
52
deploy/compose/env/wine-csp.env.example
vendored
@@ -1,52 +0,0 @@
|
||||
# Wine CSP Service Environment Configuration
|
||||
# ===========================================================================
|
||||
#
|
||||
# WARNING: This service is for TEST VECTOR GENERATION ONLY.
|
||||
# It MUST NOT be used for production cryptographic signing operations.
|
||||
#
|
||||
# ===========================================================================
|
||||
|
||||
# Service port (default: 5099)
|
||||
WINE_CSP_PORT=5099
|
||||
|
||||
# Operation mode:
|
||||
# - limited: Works without CryptoPro CSP (basic GostCryptography only)
|
||||
# - full: Requires CryptoPro CSP installer to be mounted at WINE_CSP_INSTALLER_PATH
|
||||
WINE_CSP_MODE=limited
|
||||
|
||||
# Path to CryptoPro CSP installer MSI (customer-provided)
|
||||
# Mount your licensed CSP installer to /opt/cryptopro/csp-installer.msi
|
||||
WINE_CSP_INSTALLER_PATH=/opt/cryptopro/csp-installer.msi
|
||||
|
||||
# Logging level: Trace, Debug, Information, Warning, Error, Critical
|
||||
WINE_CSP_LOG_LEVEL=Information
|
||||
|
||||
# Image version tag
|
||||
WINE_CSP_VERSION=2025.10.0-edge
|
||||
|
||||
# ASP.NET Core environment (Development, Staging, Production)
|
||||
ASPNETCORE_ENVIRONMENT=Production
|
||||
|
||||
# ===========================================================================
|
||||
# Advanced Configuration (typically not changed)
|
||||
# ===========================================================================
|
||||
|
||||
# Wine debug output (set to "warn+all" for troubleshooting)
|
||||
# WINEDEBUG=-all
|
||||
|
||||
# Wine architecture (must be win64 for CryptoPro CSP)
|
||||
# WINEARCH=win64
|
||||
|
||||
# ===========================================================================
|
||||
# Volume Mounts (configure in docker-compose, not here)
|
||||
# ===========================================================================
|
||||
# - Wine prefix: /home/winecsp/.wine (persistent storage)
|
||||
# - CSP installer: /opt/cryptopro (read-only mount)
|
||||
# - Logs: /var/log/wine-csp (log output)
|
||||
# - CSP packages: /opt/cryptopro/downloads (bind from <repo>/opt/cryptopro/downloads)
|
||||
#
|
||||
# Example mount for CSP installer:
|
||||
# volumes:
|
||||
# - /path/to/your/csp-5.0.msi:/opt/cryptopro/csp-installer.msi:ro
|
||||
# volumes:
|
||||
# - ../../opt/cryptopro/downloads:/opt/cryptopro/downloads:ro
|
||||
Reference in New Issue
Block a user