SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Move example location of config files to /etc

Browse source 
* Move example and integration test configuration files to /etc/csaf,
   this includes the provider's config.toml as well as the test OpenPGP keys.
   This shall make it more compatible with good practices like the FHS.

Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
This commit is contained in:
JanHoefelmeyer 2022-07-21 15:04:09 +02:00 committed by GitHub
parent a84afa35cd
commit 5716374eac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cmd/csaf_provider/config.go
View file

@ -23,7 +23,7 @@ import (
const (
// The environment name, that contains the path to the config file.
configEnv = "CSAF_CONFIG"
configPrefix = "/usr/lib/csaf"
configPrefix = "/etc/csaf"
defaultConfigPath = configPrefix + "/config.toml" // Default path to the config file.
defaultOpenPGPPrivateKey = configPrefix + "/openpgp_private.asc"
defaultOpenPGPPublicKey = configPrefix + "/openpgp_public.asc"

13
docs/provider-setup.md
View file

@ -92,7 +92,7 @@ Create `cgi-bin` folder if it not exists: `mkdir -p /usr/lib/cgi-bin/`.
Rename and place the `csaf_provider` binary file under `/usr/lib/cgi-bin/csaf_provider.go`.
Create configuration file under `/usr/lib/csaf/config.toml`
Create configuration file under `/etc/csaf/config.toml`
and make sure is has good, restrictive permissions.
It must be readable by the user(id), which the webserver's fastcgi interface
uses to start the CGI-binary with,
@ -118,17 +118,6 @@ which you need to customize for a production setup,
see the [options of `csaf_provider`](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md).
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=94-101) -->
<!-- The below code snippet is automatically added from ../docs/scripts/setupProviderForITest.sh -->
```sh
# upload_signature = true
openpgp_private_key = "/usr/lib/csaf/private.asc"
openpgp_public_key = "/usr/lib/csaf/public.asc"
#tlps = ["green", "red"]
canonical_url_prefix = "https://localhost:8443"
categories = ["Example Company Product A", "expr:document.lang"]
create_service_document = true
#no_passphrase = true
```
<!-- MARKDOWN-AUTO-DOCS:END -->

26
docs/scripts/setupProviderForITest.sh
View file

@ -45,7 +45,7 @@ location /cgi-bin/ {
fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
fastcgi_param CSAF_CONFIG /etc/csaf/config.toml;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
@ -78,28 +78,28 @@ sudo chgrp www-data /usr/lib/cgi-bin/
sudo chmod o-rwx /usr/lib/cgi-bin/
sudo cp bin-linux-amd64/csaf_provider /usr/lib/cgi-bin/csaf_provider.go
sudo mkdir /usr/lib/csaf/
sudo chgrp www-data /usr/lib/csaf/
sudo chmod g+s,o-rwx /usr/lib/csaf/
sudo touch /usr/lib/csaf/config.toml
sudo chgrp www-data /usr/lib/csaf/config.toml
sudo chmod g+r,o-rwx /usr/lib/csaf/config.toml
sudo mkdir /etc/csaf/
sudo chgrp www-data /etc/csaf/
sudo chmod g+s,o-rwx /etc/csaf/
sudo touch /etc/csaf/config.toml
sudo chgrp www-data /etc/csaf/config.toml
sudo chmod g+r,o-rwx /etc/csaf/config.toml
sudo cp docs/test-keys/*.asc /usr/lib/csaf/
sudo chgrp www-data /usr/lib/csaf/private.asc
sudo chmod o-rwx /usr/lib/csaf/private.asc
sudo cp docs/test-keys/*.asc /etc/csaf/
sudo chgrp www-data /etc/csaf/private.asc
sudo chmod o-rwx /etc/csaf/private.asc
# Configuration file
echo '
# upload_signature = true
openpgp_private_key = "/usr/lib/csaf/private.asc"
openpgp_public_key = "/usr/lib/csaf/public.asc"
openpgp_private_key = "/etc/csaf/private.asc"
openpgp_public_key = "/etc/csaf/public.asc"
#tlps = ["green", "red"]
canonical_url_prefix = "https://localhost:8443"
categories = ["Example Company Product A", "expr:document.lang"]
create_service_document = true
#no_passphrase = true
' | sudo tee --append /usr/lib/csaf/config.toml
' | sudo tee --append /etc/csaf/config.toml
# Create the Folders
curl https://localhost:8443/cgi-bin/csaf_provider.go/create --cert-type p12 --cert ~/devca1/testclient1.p12 --insecure

2
docs/scripts/setupValidationService.sh
View file

@ -9,7 +9,7 @@ sudo chmod g+rw,o-rwx /var/lib/csaf/validations.db
echo '
remote_validator= { "url" = "http://localhost:3000", "presets" = ["mandatory"], "cache" = "/var/lib/csaf/validations.db" }
' | sudo tee --append /usr/lib/csaf/config.toml
' | sudo tee --append /etc/csaf/config.toml
# Install nodejs
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -