diff --git a/docker/backend.entrypoint.sh b/docker/backend.entrypoint.sh index b1c73cf2..eb086ad5 100755 --- a/docker/backend.entrypoint.sh +++ b/docker/backend.entrypoint.sh @@ -136,7 +136,7 @@ install_llm_ca_certs() { fi local raw_file="${work_dir}/${filename}" - local pem_file="${target_dir}/$(echo "$filename" | sed 's/\.[^.]*$//').pem" + local pem_file="${target_dir}/$(echo "$filename" | sed 's/\.[^.]*$//').crt" echo "[entrypoint] [${index}] Скачивание: ${url}" @@ -208,14 +208,14 @@ install_llm_ca_certs() { # Проверяем, попали ли сертификаты в бандл, и создаём хеш-симлинки echo "[entrypoint] --- Валидация установки сертификатов ---" - for pem in "$target_dir"/*.pem; do - [ -f "$pem" ] || continue + for cert_file in "$target_dir"/*.crt; do + [ -f "$cert_file" ] || continue local cert_name - cert_name="$(basename "$pem" .pem)" + cert_name="$(basename "$cert_file" .crt)" local cert_subject - cert_subject="$(openssl x509 -in "$pem" -noout -subject 2>/dev/null | head -1 || echo "unknown")" + cert_subject="$(openssl x509 -in "$cert_file" -noout -subject 2>/dev/null | head -1 || echo "unknown")" local cert_fingerprint - cert_fingerprint="$(openssl x509 -in "$pem" -noout -fingerprint -sha256 2>/dev/null | sed 's/.*=//' || echo "")" + cert_fingerprint="$(openssl x509 -in "$cert_file" -noout -fingerprint -sha256 2>/dev/null | sed 's/.*=//' || echo "")" # Проверяем есть ли в ca-certificates.crt по fingerprint (криптографически уникален) if [ -n "$cert_fingerprint" ] && \ @@ -223,26 +223,26 @@ install_llm_ca_certs() { echo "[entrypoint] ✅ ${cert_name} — в ca-certificates.crt (${cert_subject})" else echo "[entrypoint] ⚠ ${cert_name} — НЕ в ca-certificates.crt. Добавляем напрямую..." - cat "$pem" >> /etc/ssl/certs/ca-certificates.crt + cat "$cert_file" >> /etc/ssl/certs/ca-certificates.crt echo "[entrypoint] ➕ Добавлен напрямую в ca-certificates.crt" fi # Создаём хеш-симлинку с поддержкой коллизий (.0, .1, .2...) local hash_val - hash_val="$(openssl x509 -in "$pem" -noout -hash 2>/dev/null || true)" + hash_val="$(openssl x509 -in "$cert_file" -noout -hash 2>/dev/null || true)" if [ -n "$hash_val" ]; then local suffix=0 local link_path="/etc/ssl/certs/${hash_val}.${suffix}" # Ищем первый свободный suffix или symlink уже указывающий на наш файл while [ -L "$link_path" ]; do - if [ "$(readlink "$link_path")" = "$pem" ]; then + if [ "$(readlink "$link_path")" = "$cert_file" ]; then break 2 # уже есть, ничего не делаем fi suffix=$((suffix + 1)) link_path="/etc/ssl/certs/${hash_val}.${suffix}" done if [ ! -L "$link_path" ]; then - ln -sf "$pem" "$link_path" + ln -sf "$cert_file" "$link_path" echo "[entrypoint] 🔗 Создана симлинка: ${hash_val}.${suffix} → ${cert_name}" fi fi