#!/usr/bin/env bash
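# Strict mode: abort on a failing command, an unset variable, or a failed
# pipeline stage.
set -euo pipefail

# Repository root as reported by git.
ROOT_DIR="$(git rev-parse --show-toplevel)"
# UTC stamp used in the default staging directory name and in README.txt.
TIMESTAMP="$(date -u +%Y%m%dT%H%M%SZ)"
# Staging directory: first argument, or a timestamped directory under build/.
OUTPUT_ROOT="${1:-${ROOT_DIR}/build/rootpack_ru_${TIMESTAMP}}"

# Resolve the staging directory to an absolute path while the caller's working
# directory is still current, so a relative argument keeps its meaning after
# the cd below. pwd also drops a trailing slash, which would otherwise turn
# "${OUTPUT_ROOT}.tar.gz" into a file inside the directory being archived.
# CDPATH is cleared so cd neither searches it nor prints to stdout.
mkdir -p -- "$OUTPUT_ROOT"
OUTPUT_ROOT="$(CDPATH='' cd -- "$OUTPUT_ROOT" && pwd)"

ARTIFACT_DIR="${OUTPUT_ROOT}/artifacts"
DOC_DIR="${OUTPUT_ROOT}/docs"
CONFIG_DIR="${OUTPUT_ROOT}/config"
TRUST_DIR="${OUTPUT_ROOT}/trust"

mkdir -p -- "$ARTIFACT_DIR" "$DOC_DIR" "$CONFIG_DIR" "$TRUST_DIR"

# The publish and copy steps use repo-relative paths (src/..., docs/...,
# etc/...) while other steps use ROOT_DIR. Run from the repository root so the
# script stages the same inputs no matter where it was invoked from.
cd -- "$ROOT_DIR"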
#######################################
# Publish one project in Release configuration into the artifact staging area.
# Globals:   ARTIFACT_DIR (read)
# Arguments: $1 - project path handed to dotnet publish
#            $2 - subdirectory name under ARTIFACT_DIR that receives the output
# Outputs:   one progress line on stdout; dotnet's stdout is discarded, its
#            stderr is left untouched
# Returns:   exit status of dotnet publish
#######################################
publish_plugin() {
  local -r csproj="$1" plugin_name="$2"
  local -r target="${ARTIFACT_DIR}/${plugin_name}"

  printf '%s\n' "[rootpack-ru] Publishing ${csproj} -> ${target}"
  dotnet publish "$csproj" -c Release -o "$target" --nologo >/dev/null
}
# Publish both sovereign crypto plug-ins. Each project lives in a directory
# named after the plug-in, and the artifact subdirectory uses the same name.
for plugin in \
  StellaOps.Cryptography.Plugin.CryptoPro \
  StellaOps.Cryptography.Plugin.Pkcs11Gost; do
  publish_plugin "src/__Libraries/${plugin}/${plugin}.csproj" "$plugin"
done
# Stage the validation, audit and packaging documents, then the crypto profile
# under its bundle name. Source paths are relative to the current working
# directory.
for doc in \
  rootpack_ru_validation.md \
  crypto-routing-audit-2025-11-07.md \
  rootpack_ru_package.md; do
  cp "docs/security/${doc}" "$DOC_DIR/"
done
cp etc/rootpack/ru/crypto.profile.yaml "$CONFIG_DIR/rootpack_ru.crypto.yaml"
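# Optionally bundle OpenSSL GOST validation logs as docs/gost-validation/latest.
# INCLUDE_GOST_VALIDATION=0 skips the step. OPENSSL_GOST_LOG_DIR names the log
# directory explicitly; otherwise the last match (after sort) under
# ${ROOT_DIR}/logs is used.
if [ "${INCLUDE_GOST_VALIDATION:-1}" != "0" ]; then
  candidate="${OPENSSL_GOST_LOG_DIR:-}"
  if [ -z "$candidate" ]; then
    # Expand the globs directly instead of parsing ls output with its errors
    # suppressed. The subshell keeps nullglob from leaking into the rest of
    # the script. Selection is unchanged: last entry after sort.
    candidate="$(
      shopt -s nullglob
      matches=(
        "${ROOT_DIR}"/logs/openssl_gost_validation_*
        "${ROOT_DIR}"/logs/rootpack_ru_*/openssl_gost
      )
      if (( ${#matches[@]} > 0 )); then
        printf '%s\n' "${matches[@]}" | sort | tail -n 1
      fi
    )"
  fi

  if [ -n "$candidate" ] && [ -d "$candidate" ]; then
    gost_dest="${DOC_DIR}/gost-validation/latest"
    mkdir -p -- "$gost_dest"
    # Copy the directory's contents rather than the directory itself. With an
    # existing "latest" (re-run into the same staging directory), cp -r of the
    # directory would nest it as latest/<name> instead of refreshing it.
    # NOTE(review): files left in "latest" by an earlier run are not removed;
    # stage into a fresh directory when the bundle is used as evidence.
    cp -r -- "$candidate"/. "$gost_dest"/
  else
    # Validation evidence was requested but is missing. Say so rather than
    # staging a bundle that silently lacks it.
    echo "[rootpack-ru] WARNING: no OpenSSL GOST validation log directory found; bundle staged without docs/gost-validation" >&2
  fi
fi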
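# Copy the trust anchors into trust/. nullglob makes the loop a no-op when
# nothing matches, instead of passing the literal pattern to cp.
# NOTE(review): files are selected by name pattern only. Nothing here checks
# that they are certificates or compares them with a pinned digest, so the
# contents of certificates/ should be reviewed before a bundle is released.
shopt -s nullglob
trust_count=0
for pem in "$ROOT_DIR"/certificates/russian_trusted_*; do
  cp -- "$pem" "$TRUST_DIR/"
  # Plain assignment: (( trust_count++ )) returns 1 on the first pass and
  # would abort a script running under set -e.
  trust_count=$((trust_count + 1))
done
shopt -u nullglob

# An empty trust/ contradicts what README.txt says the bundle contains, so
# report it on stderr instead of staging it silently.
if [ "$trust_count" -eq 0 ]; then
  echo "[rootpack-ru] WARNING: no certificates/russian_trusted_* files found; trust/ is empty" >&2
fi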
# Write the bundle README. The heredoc delimiter is unquoted so that
# ${TIMESTAMP} is expanded into the title line.
readme_path="${OUTPUT_ROOT}/README.txt"
cat >"$readme_path" <<README
RootPack_RU bundle (${TIMESTAMP})
--------------------------------
Contents:
- artifacts/ : Sovereign crypto plug-ins published for net10.0 (CryptoPro + PKCS#11)
- config/rootpack_ru.crypto.yaml : example configuration binding registry profiles
- docs/ : validation + audit documentation
- trust/ : Russian trust anchor PEM bundle copied from certificates/

Usage:
1. Review docs/rootpack_ru_package.md for installation steps.
2. Execute scripts/crypto/run-rootpack-ru-tests.sh (or CI equivalent) and attach the logs to this bundle.
3. Record hardware validation outputs per docs/rootpack_ru_validation.md and store alongside this directory.
README
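# Archive the staged bundle next to the staging directory unless PACKAGE_TAR=0.
if [[ "${PACKAGE_TAR:-1}" != "0" ]]; then
  # Strip a trailing slash before appending the suffix: "out/" would otherwise
  # give "out/.tar.gz", an archive written inside the directory being archived.
  tarball="${OUTPUT_ROOT%/}.tar.gz"
  echo "[rootpack-ru] Creating ${tarball}"
  # -C plus the base name keeps archive members relative to the bundle
  # directory rather than recording the full staging path.
  # NOTE(review): no digest or signature is produced for the tarball here.
  # Recipients can only verify integrity if one is published by a separate
  # release step.
  tar -czf "$tarball" -C "$(dirname "$OUTPUT_ROOT")" "$(basename "$OUTPUT_ROOT")"
fi

echo "[rootpack-ru] Bundle staged under $OUTPUT_ROOT"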