mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Move example location of config files to /etc

* Move example and integration test configuration files to /etc/csaf,
   this includes the provider's config.toml as well as the test OpenPGP keys.
   This shall make it more compatible with good practices like the FHS.

Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
JanHoefelmeyer 2022-07-21 15:04:09 +02:00 committed by GitHub
parent a84afa35cd
commit 5716374eac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 27 deletions


@ -23,7 +23,7 @@ import (
const ( const (
// The environment name, that contains the path to the config file. // The environment name, that contains the path to the config file.
configEnv = "CSAF_CONFIG" configEnv = "CSAF_CONFIG"
configPrefix = "/usr/lib/csaf" configPrefix = "/etc/csaf"
defaultConfigPath = configPrefix + "/config.toml" // Default path to the config file. defaultConfigPath = configPrefix + "/config.toml" // Default path to the config file.
defaultOpenPGPPrivateKey = configPrefix + "/openpgp_private.asc" defaultOpenPGPPrivateKey = configPrefix + "/openpgp_private.asc"
defaultOpenPGPPublicKey = configPrefix + "/openpgp_public.asc" defaultOpenPGPPublicKey = configPrefix + "/openpgp_public.asc"
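Review bot: `configPrefix` is the compiled-in default for the config file and both OpenPGP key paths, so changing it affects every deployment that starts without `CSAF_CONFIG`, not only the examples the commit title mentions; such a setup would stop reading `/usr/lib/csaf/config.toml` after an upgrade. What the loader does when the default file is missing is not visible in this hunk, so it is worth confirming that it fails loudly rather than running with empty settings. I would add a comment on the constant, `// Default directory for the config file and OpenPGP keys (was /usr/lib/csaf); set CSAF_CONFIG to use another location.`, and mention the move in the release notes. The const block continues outside the hunk.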


@ -92,7 +92,7 @@ Create `cgi-bin` folder if it not exists: `mkdir -p /usr/lib/cgi-bin/`.
Rename and place the `csaf_provider` binary file under `/usr/lib/cgi-bin/csaf_provider.go`. Rename and place the `csaf_provider` binary file under `/usr/lib/cgi-bin/csaf_provider.go`.
Create configuration file under `/usr/lib/csaf/config.toml` Create configuration file under `/etc/csaf/config.toml`
and make sure is has good, restrictive permissions. and make sure is has good, restrictive permissions.
It must be readable by the user(id), which the webserver's fastcgi interface It must be readable by the user(id), which the webserver's fastcgi interface
uses to start the CGI-binary with, uses to start the CGI-binary with,
@ -118,17 +118,6 @@ which you need to customize for a production setup,
see the [options of `csaf_provider`](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md). see the [options of `csaf_provider`](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md).
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=94-101) --> <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=94-101) -->
<!-- The below code snippet is automatically added from ../docs/scripts/setupProviderForITest.sh -->
```sh
# upload_signature = true
openpgp_private_key = "/usr/lib/csaf/private.asc"
openpgp_public_key = "/usr/lib/csaf/public.asc"
#tlps = ["green", "red"]
canonical_url_prefix = "https://localhost:8443"
categories = ["Example Company Product A", "expr:document.lang"]
create_service_document = true
#no_passphrase = true
```
<!-- MARKDOWN-AUTO-DOCS:END --> <!-- MARKDOWN-AUTO-DOCS:END -->


@ -45,7 +45,7 @@ location /cgi-bin/ {
fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml; fastcgi_param CSAF_CONFIG /etc/csaf/config.toml;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify; fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
@ -78,28 +78,28 @@ sudo chgrp www-data /usr/lib/cgi-bin/
sudo chmod o-rwx /usr/lib/cgi-bin/ sudo chmod o-rwx /usr/lib/cgi-bin/
sudo cp bin-linux-amd64/csaf_provider /usr/lib/cgi-bin/csaf_provider.go sudo cp bin-linux-amd64/csaf_provider /usr/lib/cgi-bin/csaf_provider.go
sudo mkdir /usr/lib/csaf/ sudo mkdir /etc/csaf/
sudo chgrp www-data /usr/lib/csaf/ sudo chgrp www-data /etc/csaf/
sudo chmod g+s,o-rwx /usr/lib/csaf/ sudo chmod g+s,o-rwx /etc/csaf/
sudo touch /usr/lib/csaf/config.toml sudo touch /etc/csaf/config.toml
sudo chgrp www-data /usr/lib/csaf/config.toml sudo chgrp www-data /etc/csaf/config.toml
sudo chmod g+r,o-rwx /usr/lib/csaf/config.toml sudo chmod g+r,o-rwx /etc/csaf/config.toml
sudo cp docs/test-keys/*.asc /usr/lib/csaf/ sudo cp docs/test-keys/*.asc /etc/csaf/
sudo chgrp www-data /usr/lib/csaf/private.asc sudo chgrp www-data /etc/csaf/private.asc
sudo chmod o-rwx /usr/lib/csaf/private.asc sudo chmod o-rwx /etc/csaf/private.asc
# Configuration file # Configuration file
echo ' echo '
# upload_signature = true # upload_signature = true
openpgp_private_key = "/usr/lib/csaf/private.asc" openpgp_private_key = "/etc/csaf/private.asc"
openpgp_public_key = "/usr/lib/csaf/public.asc" openpgp_public_key = "/etc/csaf/public.asc"
#tlps = ["green", "red"] #tlps = ["green", "red"]
canonical_url_prefix = "https://localhost:8443" canonical_url_prefix = "https://localhost:8443"
categories = ["Example Company Product A", "expr:document.lang"] categories = ["Example Company Product A", "expr:document.lang"]
create_service_document = true create_service_document = true
#no_passphrase = true #no_passphrase = true
' | sudo tee --append /usr/lib/csaf/config.toml ' | sudo tee --append /etc/csaf/config.toml
# Create the Folders # Create the Folders
curl https://localhost:8443/cgi-bin/csaf_provider.go/create --cert-type p12 --cert ~/devca1/testclient1.p12 --insecure curl https://localhost:8443/cgi-bin/csaf_provider.go/create --cert-type p12 --cert ~/devca1/testclient1.p12 --insecure
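Review bot: The `sudo cp docs/test-keys/*.asc /etc/csaf/` step in the second hunk now places the repository's test OpenPGP keys in the system configuration directory with nothing marking them as test material; because `private.asc` is published in the repository, a signature made with it gives no assurance about who signed. A comment above the copy would make that explicit, for example `# Test keys only: the private key is public in the repository, replace both keys before any non-test use.` Separately, `sudo mkdir /etc/csaf/` fails when the directory already exists and `tee --append` writes the same keys into config.toml again on a second run; `sudo mkdir -p /etc/csaf/` would cover the first, and the append is worth guarding if the script is meant to be re-runnable.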


@ -9,7 +9,7 @@ sudo chmod g+rw,o-rwx /var/lib/csaf/validations.db
echo ' echo '
remote_validator= { "url" = "http://localhost:3000", "presets" = ["mandatory"], "cache" = "/var/lib/csaf/validations.db" } remote_validator= { "url" = "http://localhost:3000", "presets" = ["mandatory"], "cache" = "/var/lib/csaf/validations.db" }
' | sudo tee --append /usr/lib/csaf/config.toml ' | sudo tee --append /etc/csaf/config.toml
# Install nodejs # Install nodejs
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash - curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -