SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Change openpgp key providing code to use local directory

Browse source 
* Adjust provider and aggregator to copy the used openpgp pubkey into a locally
  provided directory `openpgp` beside the `prodiver-metadata.json`.
  This more robust and self-reliant than using a public pubkey server,
  which is the reason why the CSAF 2.0 csd02 mentions it as example in
  "7.1.20 Requirement 20: Public OpenPGP Key".
 * Improve aggregator by removing a typo `aggreator` from one written paths.
   (Done with this change as it also affects the openpgp/ paths writing.)

solve #85
This commit is contained in:
Sascha L. Teichmann 2022-06-09 10:42:44 +02:00 committed by GitHub
parent a849ac0d5f
commit 69f0f3499a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 229 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/scripts/setupProviderForITest.sh
View file

@ -92,8 +92,8 @@ sudo chmod o-rwx /usr/lib/csaf/private.asc
# Configuration file
echo '
# upload_signature = true
# key = "/usr/lib/csaf/public.asc"
key = "/usr/lib/csaf/private.asc"
openpgp_private_key = "/usr/lib/csaf/private.asc"
openpgp_public_key = "/usr/lib/csaf/public.asc"
#tlps = ["green", "red"]
canonical_url_prefix = "https://localhost:8443"
#no_passphrase = true