Merge branch 'main' into itest-download-from-agg

docs/csaf_aggregator.md

@@ -101,8 +101,14 @@ domain
 rate
 insecure
 write_indices
+category
 ```
 
+If you want an entry to be listed instead of mirrored
+in a `aggregator.category == "aggregator"` instance,
+set `category` to `lister` in the entry.
+Otherwise it is recommended to not set `category` for entries.
+
 #### Example config file
 <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/examples/aggregator.toml) -->
 <!-- The below code snippet is automatically added from ../docs/examples/aggregator.toml -->
@@ -123,6 +129,8 @@ insecure = true
 # allow_single_provider = true
 
 [aggregator]
+  # Set if this instance shall be a mirror (aka `aggregator`) or a `lister`.
+  # This determines the default value for the entries in [[provider]].
   category = "aggregator"
   name = "Example Development CSAF Aggregator"
   contact_details = "some @ somewhere"
@@ -143,5 +151,15 @@ insecure = true
 #  rate = 1.2
 #  insecure = true
   write_indices = true
+
+[[providers]]
+  name = "local-dev-provider3"
+  domain = "localhost"
+#  rate = 1.8
+#  insecure = true
+  write_indices = true
+  # If aggregator.category == "aggreator", set for an entry that should
+  # be listed in addition:
+  category = "lister"
 ```
 <!-- MARKDOWN-AUTO-DOCS:END -->

docs/csaf_checker.md

@@ -31,3 +31,10 @@ type 2: error
 ```
 
 The checker result is a success if no checks resulted in type 2, and a failure otherwise. 
+
+
+### Remarks
+
+The `role` given in the `provider-metadata.json` is not
+yet considered to change the overall result,
+see https://github.com/csaf-poc/csaf_distribution/issues/221 .

docs/examples/aggregator.toml

@@ -14,6 +14,8 @@ insecure = true
 # allow_single_provider = true
 
 [aggregator]
+  # Set if this instance shall be a mirror (aka `aggregator`) or a `lister`.
+  # This determines the default value for the entries in [[provider]].
   category = "aggregator"
   name = "Example Development CSAF Aggregator"
   contact_details = "some @ somewhere"
@@ -34,3 +36,13 @@ insecure = true
 #  rate = 1.2
 #  insecure = true
   write_indices = true
+
+[[providers]]
+  name = "local-dev-provider3"
+  domain = "localhost"
+#  rate = 1.8
+#  insecure = true
+  write_indices = true
+  # If aggregator.category == "aggreator", set for an entry that should
+  # be listed in addition:
+  category = "lister"

docs/provider-setup.md

@@ -53,7 +53,7 @@ location /cgi-bin/ {
   fastcgi_param SCRIPT_FILENAME  /usr/lib$fastcgi_script_name;
 
   fastcgi_param PATH_INFO $fastcgi_path_info;
-  fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
+  fastcgi_param CSAF_CONFIG /etc/csaf/config.toml;
 
   fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
   fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
@@ -103,9 +103,9 @@ Many systems use `www-data` as user id, so you could do something like
 <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=84-86) -->
 <!-- The below code snippet is automatically added from ../docs/scripts/setupProviderForITest.sh -->
 ```sh
-sudo touch /usr/lib/csaf/config.toml
-sudo chgrp www-data /usr/lib/csaf/config.toml
-sudo chmod g+r,o-rwx /usr/lib/csaf/config.toml
+sudo touch /etc/csaf/config.toml
+sudo chgrp www-data /etc/csaf/config.toml
+sudo chmod g+r,o-rwx /etc/csaf/config.toml
 ```
 <!-- MARKDOWN-AUTO-DOCS:END -->
 
@@ -118,6 +118,17 @@ which you need to customize for a production setup,
 see the [options of `csaf_provider`](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md).
 
 <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=94-101) -->
+<!-- The below code snippet is automatically added from ../docs/scripts/setupProviderForITest.sh -->
+```sh
+# upload_signature = true
+openpgp_private_key = "/etc/csaf/private.asc"
+openpgp_public_key = "/etc/csaf/public.asc"
+#tlps = ["green", "red"]
+canonical_url_prefix = "https://localhost:8443"
+categories = ["Example Company Product A", "expr:document.lang"]
+create_service_document = true
+#no_passphrase = true
+```
 <!-- MARKDOWN-AUTO-DOCS:END -->