#!/usr/bin/env bash set -euo pipefail ROOT_DIR="$(git rev-parse --show-toplevel)" TIMESTAMP="$(date -u +%Y%m%dT%H%M%SZ)" OUTPUT_ROOT="${1:-${ROOT_DIR}/build/rootpack_ru_${TIMESTAMP}}" ARTIFACT_DIR="${OUTPUT_ROOT}/artifacts" DOC_DIR="${OUTPUT_ROOT}/docs" CONFIG_DIR="${OUTPUT_ROOT}/config" TRUST_DIR="${OUTPUT_ROOT}/trust" mkdir -p "$ARTIFACT_DIR" "$DOC_DIR" "$CONFIG_DIR" "$TRUST_DIR" publish_plugin() { local project="$1" local name="$2" local publish_dir="${ARTIFACT_DIR}/${name}" echo "[rootpack-ru] Publishing ${project} -> ${publish_dir}" dotnet publish "$project" -c Release -o "$publish_dir" --nologo >/dev/null } publish_plugin "src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/StellaOps.Cryptography.Plugin.CryptoPro.csproj" "StellaOps.Cryptography.Plugin.CryptoPro" publish_plugin "src/__Libraries/StellaOps.Cryptography.Plugin.Pkcs11Gost/StellaOps.Cryptography.Plugin.Pkcs11Gost.csproj" "StellaOps.Cryptography.Plugin.Pkcs11Gost" cp docs/security/rootpack_ru_validation.md "$DOC_DIR/" cp docs/security/crypto-routing-audit-2025-11-07.md "$DOC_DIR/" cp docs/security/rootpack_ru_package.md "$DOC_DIR/" cp etc/rootpack/ru/crypto.profile.yaml "$CONFIG_DIR/rootpack_ru.crypto.yaml" shopt -s nullglob for pem in "$ROOT_DIR"/certificates/russian_trusted_*; do cp "$pem" "$TRUST_DIR/" done shopt -u nullglob cat <"${OUTPUT_ROOT}/README.txt" RootPack_RU bundle (${TIMESTAMP}) -------------------------------- Contents: - artifacts/ : Sovereign crypto plug-ins published for net10.0 (CryptoPro + PKCS#11) - config/rootpack_ru.crypto.yaml : example configuration binding registry profiles - docs/ : validation + audit documentation - trust/ : Russian trust anchor PEM bundle copied from certificates/ Usage: 1. Review docs/rootpack_ru_package.md for installation steps. 2. Execute scripts/crypto/run-rootpack-ru-tests.sh (or CI equivalent) and attach the logs to this bundle. 3. Record hardware validation outputs per docs/rootpack_ru_validation.md and store alongside this directory. README if [[ "${PACKAGE_TAR:-1}" != "0" ]]; then tarball="${OUTPUT_ROOT}.tar.gz" echo "[rootpack-ru] Creating ${tarball}" tar -czf "$tarball" -C "$(dirname "$OUTPUT_ROOT")" "$(basename "$OUTPUT_ROOT")" fi echo "[rootpack-ru] Bundle staged under $OUTPUT_ROOT"