save checkpoint: save features

devops/compose/docker-compose.sm-remote.yml

@@ -5,18 +5,15 @@
 # Provides SM2/SM3/SM4 (ShangMi) cryptographic operations via software provider
 # or integration with OSCCA-certified hardware security modules.
 #
-# Usage (MUST be combined with stella-ops AND compliance-china):
+# Usage (standalone SM Remote service):
+#   docker compose -f docker-compose.sm-remote.yml up -d
+#
+# Optional overlay usage with full platform:
 #   docker compose \
 #     -f docker-compose.stella-ops.yml \
 #     -f docker-compose.compliance-china.yml \
 #     -f docker-compose.sm-remote.yml up -d
 #
-# For development/testing without SM hardware, use crypto-sim.yml instead:
-#   docker compose \
-#     -f docker-compose.stella-ops.yml \
-#     -f docker-compose.compliance-china.yml \
-#     -f docker-compose.crypto-sim.yml up -d
-#
 # SM Algorithms Provided:
 # - SM2: Public key cryptography (ECDSA-like, 256-bit curve) - GM/T 0003-2012
 # - SM3: Cryptographic hash function (256-bit output) - GM/T 0004-2012
@@ -40,15 +37,8 @@ x-sm-remote-labels: &sm-remote-labels
   com.stellaops.crypto.profile: "china"
   com.stellaops.crypto.jurisdiction: "china"
 
-x-sm-remote-env: &sm-remote-env
-  STELLAOPS_CRYPTO_PROVIDERS: "cn.sm.soft,cn.sm.remote.http"
-  STELLAOPS_CRYPTO_SM_REMOTE_URL: "http://sm-remote:56080"
-  STELLAOPS_CRYPTO_SM_ENABLED: "true"
-  SM_SOFT_ALLOWED: "1"
-
 networks:
   stellaops:
-    external: true
     name: stellaops
 
 services:
@@ -90,64 +80,6 @@ services:
       start_period: 15s
     labels: *sm-remote-labels
 
-  # ---------------------------------------------------------------------------
-  # Override services to use SM Remote
-  # ---------------------------------------------------------------------------
-
-  # Authority - Use SM Remote for SM2 signatures
-  authority:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
-  # Signer - Use SM Remote for SM2 signatures
-  signer:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
-  # Attestor - Use SM Remote for SM2 signatures
-  attestor:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
-  # Scanner Web - Use SM Remote for verification
-  scanner-web:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
-  # Scanner Worker - Use SM Remote for verification
-  scanner-worker:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
-  # Excititor - Use SM Remote for VEX signing
-  excititor:
-    environment:
-      <<: *sm-remote-env
-    depends_on:
-      - sm-remote
-    labels:
-      com.stellaops.crypto.provider: "sm"
-
 volumes:
   sm-remote-keys:
     name: stellaops-sm-remote-keys

devops/services/sm-remote/Dockerfile

@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1.7
+
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
+WORKDIR /src
+
+COPY . .
+RUN [ -f /src/nuget.config ] || cp /src/NuGet.config /src/nuget.config
+RUN dotnet restore src/SmRemote/StellaOps.SmRemote.Service/StellaOps.SmRemote.Service.csproj
+RUN dotnet publish src/SmRemote/StellaOps.SmRemote.Service/StellaOps.SmRemote.Service.csproj \
+    -c Release \
+    -o /app/publish \
+    /p:UseAppHost=false
+
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime
+WORKDIR /app
+
+COPY --from=build /app/publish/ ./
+
+ENV ASPNETCORE_URLS=http://0.0.0.0:56080
+EXPOSE 56080
+
+ENTRYPOINT ["dotnet", "StellaOps.SmRemote.Service.dll"]