Change openpgp key providing code to use local directory
* Adjust provider and aggregator to copy the OpenPGP public key in use into a locally provided directory `openpgp` beside the `provider-metadata.json`. This is more robust and self-reliant than relying on a public key server, which is why CSAF 2.0 csd02 mentions it as an example in "7.1.20 Requirement 20: Public OpenPGP Key". * Improve the aggregator by removing a typo `aggreator` from one of the written paths. (Done with this change as it also affects the writing of the openpgp/ paths.) Solves #85
This commit is contained in:
parent
a849ac0d5f
commit
69f0f3499a
8 changed files with 229 additions and 97 deletions
@ -15,7 +15,6 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
|
|
@ -31,7 +30,6 @@ const (
|
|||
defaultFolder = "/var/www"
|
||||
defaultWeb = "/var/www/html"
|
||||
defaultDomain = "https://example.com"
|
||||
defaultOpenPGPURL = "https://openpgp.circl.lu/pks/lookup?op=get&search=${FINGERPRINT}" // Default OpenPGP URL.
|
||||
)
|
||||
|
||||
type provider struct {
|
||||
|
|
@ -54,8 +52,8 @@ type config struct {
|
|||
Insecure *bool `toml:"insecure"`
|
||||
Aggregator csaf.AggregatorInfo `toml:"aggregator"`
|
||||
Providers []*provider `toml:"providers"`
|
||||
Key string `toml:"key"`
|
||||
OpenPGPURL string `toml:"openpgp_url"`
|
||||
OpenPGPPrivateKey string `toml:"openpgp_private_key"`
|
||||
OpenPGPPublicKey string `toml:"openpgp_public_key"`
|
||||
Passphrase *string `toml:"passphrase"`
|
||||
AllowSingleProvider bool `toml:"allow_single_provider"`
|
||||
|
||||
|
|
@ -80,17 +78,8 @@ func (c *config) runAsMirror() bool {
|
|||
*c.Aggregator.Category == csaf.AggregatorAggregator
|
||||
}
|
||||
|
||||
func (c *config) GetOpenPGPURL(key *crypto.Key) string {
|
||||
if key == nil {
|
||||
return c.OpenPGPURL
|
||||
}
|
||||
return strings.NewReplacer(
|
||||
"${FINGERPRINT}", "0x"+key.GetFingerprint(),
|
||||
"${KEY_ID}", "0x"+key.GetHexKeyID()).Replace(c.OpenPGPURL)
|
||||
}
|
||||
|
||||
func (c *config) cryptoKey() (*crypto.Key, error) {
|
||||
if c.Key == "" {
|
||||
func (c *config) privateOpenPGPKey() (*crypto.Key, error) {
|
||||
if c.OpenPGPPrivateKey == "" {
|
||||
return nil, nil
|
||||
}
|
||||
c.keyMu.Lock()
|
||||
|
|
@ -99,7 +88,7 @@ func (c *config) cryptoKey() (*crypto.Key, error) {
|
|||
return c.key, c.keyErr
|
||||
}
|
||||
var f *os.File
|
||||
if f, c.keyErr = os.Open(c.Key); c.keyErr != nil {
|
||||
if f, c.keyErr = os.Open(c.OpenPGPPrivateKey); c.keyErr != nil {
|
||||
return nil, c.keyErr
|
||||
}
|
||||
defer f.Close()
|
||||
|
|
@ -179,10 +168,6 @@ func (c *config) setDefaults() {
|
|||
c.Domain = defaultDomain
|
||||
}
|
||||
|
||||
if c.OpenPGPURL == "" {
|
||||
c.OpenPGPURL = defaultOpenPGPURL
|
||||
}
|
||||
|
||||
if c.Workers <= 0 {
|
||||
if n := runtime.NumCPU(); n > defaultWorkers {
|
||||
c.Workers = defaultWorkers
|
||||