From de64b884915e528a69b72389c545740eeb92c28a Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Thu, 26 Jan 2023 16:23:08 +0100 Subject: [PATCH 1/5] Improve documentation for aggregator * Add term "CSAF proxy provider", because it is mentioned now in https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html . * Improve formatting and phrasing. * Improve description of configuration of update_intervall. --- cmd/csaf_aggregator/config.go | 2 +- docs/csaf_aggregator.md | 13 +++++++------ docs/proxy-provider-for-aggregator.md | 7 +++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go index a389704..b32492f 100644 --- a/cmd/csaf_aggregator/config.go +++ b/cmd/csaf_aggregator/config.go @@ -85,7 +85,7 @@ type config struct { // ServiceDocument incidates if we should create a service.json document. ServiceDocument bool `toml:"create_service_document"` - // UpdateInterval is used for publishers a the mandatory field + // UpdateInterval is used for publishers as the mandatory field // 'update_interval'. UpdateInterval *string diff --git a/docs/csaf_aggregator.md b/docs/csaf_aggregator.md index 4771c9b..c0f5ba3 100644 --- a/docs/csaf_aggregator.md +++ b/docs/csaf_aggregator.md @@ -111,11 +111,12 @@ in a `aggregator.category == "aggregator"` instance, set `category` to `lister` in the entry. Otherwise it is recommended to not set `category` for entries. -If a provider's domain starts with https:// its considered a publisher. -These publishers are added to the csaf_publishers list instead of the csaf_providers list which was used before. - -The mandatory value of update_interval can be configured for each publisher (provider) individually. If not given it falls back -to the global update_interval. If this is not given either the default is "on best effort". +If a provider's domain starts with `https://` its considered a publisher. +These publishers are added to the `csaf_publishers` list. +Each publisher must announce an `update_interval`. +This can be configured for each entry. +If not given it is taken from the global `update_interval` +and otherwise the default is "on best effort". #### Example config file @@ -179,4 +180,4 @@ insecure = true In case you want to provide CSAF advisories from others that only qualify as CSAF publishers, see -[how to use the `csaf_aggregator` for it](proxy-provider-for-aggregator.md). +[how to use the `csaf_aggregator` as "CSAF proxy provider"](proxy-provider-for-aggregator.md). diff --git a/docs/proxy-provider-for-aggregator.md b/docs/proxy-provider-for-aggregator.md index bb4c106..e321dd2 100644 --- a/docs/proxy-provider-for-aggregator.md +++ b/docs/proxy-provider-for-aggregator.md @@ -5,7 +5,7 @@ calls it a *CSAF publisher*. After manually downloading the advisories from such a publisher, the tools here can be used to offer the CSAF files for automated downloading -as *CSAF aggregator*. +as *CSAF aggregator*. (The construct is called *CSAF proxy provider*.) There are three necessary steps, easiest is to use one single virtual maschine (or container) per internal provider. @@ -48,7 +48,7 @@ the path via the variable, normally set in `/etc/nginx/fcgiwrap.conf`: (Careful: setting the variable a second time will transfer both values to fcgiwrap via an array. It is not guaranteed that the last value will be used. So if you are thinking about setting this variable dynamically, -you need to make sure only once.) +you need to make sure that is set only once.) For example you can clone the files ```bash @@ -57,9 +57,8 @@ sudo vim /etc/nginx/fcgiwrap-p1.conf sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/internal-p1-cgi sudo ln -s /etc/nginx/sites-available/internal-p1-cgi /etc/nginx/sites-enabled/ sudo vim /etc/nginx/sites-available/internal-p1-cgi - -and then set the right config and port like ``` +and then set the right config file and port like ```nginx include fcgiwrap-p1.conf; From c143a4620b008927fb9200041be0445bb0c680cf Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Thu, 26 Jan 2023 16:30:27 +0100 Subject: [PATCH 2/5] Further improve documentation for aggregator --- docs/csaf_aggregator.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/csaf_aggregator.md b/docs/csaf_aggregator.md index c0f5ba3..923fec3 100644 --- a/docs/csaf_aggregator.md +++ b/docs/csaf_aggregator.md @@ -111,12 +111,13 @@ in a `aggregator.category == "aggregator"` instance, set `category` to `lister` in the entry. Otherwise it is recommended to not set `category` for entries. -If a provider's domain starts with `https://` its considered a publisher. -These publishers are added to the `csaf_publishers` list. -Each publisher must announce an `update_interval`. -This can be configured for each entry. -If not given it is taken from the global `update_interval` -and otherwise the default is "on best effort". +If a provider's domain starts with `https://` it is considered a publisher. +These publishers are added to the `csaf_publishers` list, written +to the resulting `aggregator.json`. +Each publisher must announce an `update_interval` there. +This can be configured for each entry, by the config option with the same name. +If not given it is taken from the configured default +and otherwise the internal default is "on best effort". #### Example config file From 8e5dd88a62ab0582f1360a6ddd940b59d3316fc6 Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Fri, 27 Jan 2023 09:41:02 +0100 Subject: [PATCH 3/5] Update docs/csaf_aggregator.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/csaf_aggregator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/csaf_aggregator.md b/docs/csaf_aggregator.md index 923fec3..df9d582 100644 --- a/docs/csaf_aggregator.md +++ b/docs/csaf_aggregator.md @@ -117,7 +117,7 @@ to the resulting `aggregator.json`. Each publisher must announce an `update_interval` there. This can be configured for each entry, by the config option with the same name. If not given it is taken from the configured default -and otherwise the internal default is "on best effort". +Otherwise, the internal default "on best effort" is used. #### Example config file From ec2881a7e1c1e4f874211c08c499fd2f14e04a17 Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Fri, 27 Jan 2023 09:42:51 +0100 Subject: [PATCH 4/5] Update docs/proxy-provider-for-aggregator.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/proxy-provider-for-aggregator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proxy-provider-for-aggregator.md b/docs/proxy-provider-for-aggregator.md index e321dd2..f34d714 100644 --- a/docs/proxy-provider-for-aggregator.md +++ b/docs/proxy-provider-for-aggregator.md @@ -5,7 +5,7 @@ calls it a *CSAF publisher*. After manually downloading the advisories from such a publisher, the tools here can be used to offer the CSAF files for automated downloading -as *CSAF aggregator*. (The construct is called *CSAF proxy provider*.) +as *CSAF aggregator*. (The construct is called *CSAF proxy provider*. See [Section 7.2.5](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#725-role-csaf-aggregator) for more details.) There are three necessary steps, easiest is to use one single virtual maschine (or container) per internal provider. From acb3d96c70f3256a3dc90a75bbbbf03415501628 Mon Sep 17 00:00:00 2001 From: "Sascha L. Teichmann" Date: Mon, 23 Jan 2023 14:22:51 +0100 Subject: [PATCH 5/5] Return error if parsing time string failed. --- util/json.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/json.go b/util/json.go index be9f330..d475ecb 100644 --- a/util/json.go +++ b/util/json.go @@ -155,7 +155,7 @@ func TimeMatcher(dst *time.Time, format string) func(any) error { } t, err := time.Parse(format, s) if err != nil { - return nil + return err } *dst = t return nil