Merge branch 'main' into rolie-categories

2025-12-22 05:40:11 +01:00 · 2022-07-05 16:54:12 +02:00 · 2022-07-05 16:54:12 +02:00 · dc8c89c886
commit dc8c89c886
parent acf5df9d56 69c3030eef
8 changed files with 57 additions and 28 deletions
--- a/cmd/csaf_aggregator/config.go
+++ b/cmd/csaf_aggregator/config.go
@ -41,6 +41,7 @@ type provider struct {
 	Categories *[]string `toml:"categories"`
 	// ServiceDocument incidates if we should create a service.json document.
 	ServiceDocument *bool `toml:"create_service_document"`
+	WriteIndices    *bool `toml:"write_indices"`
 }

 type config struct {
@ -54,6 +55,7 @@ type config struct {
 	Rate                *float64            `toml:"rate"`
 	Insecure            *bool               `toml:"insecure"`
 	Categories          *[]string           `toml:"categories"`
+	WriteIndices        bool                `toml:"write_indices"`
 	Aggregator          csaf.AggregatorInfo `toml:"aggregator"`
 	Providers           []*provider         `toml:"providers"`
 	OpenPGPPrivateKey   string              `toml:"openpgp_private_key"`
@ -91,6 +93,14 @@ func (p *provider) serviceDocument(c *config) bool {
 	return c.ServiceDocument
 }

+// writeIndices tells if we should write index.txt and changes.csv.
+func (p *provider) writeIndices(c *config) bool {
+	if p.WriteIndices != nil {
+		return *p.WriteIndices
+	}
+	return c.WriteIndices
+}
+
 // runAsMirror determines if the aggregator should run in mirror mode.
 func (c *config) runAsMirror() bool {
 	return c.Aggregator.Category != nil &&
--- a/cmd/csaf_aggregator/indices.go
+++ b/cmd/csaf_aggregator/indices.go
@ -299,11 +299,14 @@ func (w *worker) writeIndices() error {
 		if err := w.writeInterims(label, summaries); err != nil {
 			return err
 		}
-		if err := w.writeCSV(label, summaries); err != nil {
-			return err
-		}
-		if err := w.writeIndex(label, summaries); err != nil {
-			return err
+		// Only write index.txt and changes.csv if configured.
+		if w.provider.writeIndices(w.processor.cfg) {
+			if err := w.writeCSV(label, summaries); err != nil {
+				return err
+			}
+			if err := w.writeIndex(label, summaries); err != nil {
+				return err
+			}
 		}
 		if err := w.writeROLIE(label, summaries); err != nil {
 			return err
--- a/cmd/csaf_provider/actions.go
+++ b/cmd/csaf_provider/actions.go
@ -261,11 +261,14 @@ func (c *controller) upload(r *http.Request) (interface{}, error) {
 				return err
 			}

-			if err := updateIndices(
-				folder, filepath.Join(year, newCSAF),
-				ex.CurrentReleaseDate,
-			); err != nil {
-				return err
+			// Only write index.txt and changes.csv if configured.
+			if c.cfg.WriteIndices {
+				if err := updateIndices(
+					folder, filepath.Join(year, newCSAF),
+					ex.CurrentReleaseDate,
+				); err != nil {
+					return err
+				}
 			}

 			// Take over publisher
--- a/cmd/csaf_provider/config.go
+++ b/cmd/csaf_provider/config.go
@ -58,6 +58,8 @@ type config struct {
 	RemoteValidator         *csaf.RemoteValidatorOptions `toml:"remote_validator"`
 	Categories              *[]string                    `toml:"categories"`
 	ServiceDocument         bool                         `toml:"create_service_document"`
+	WriteIndices            bool                         `toml:"write_indices"`
+	WriteSecurity           bool                         `toml:"write_security"`
 }

 func (pmdc *providerMetadataConfig) apply(pmd *csaf.ProviderMetadata) {
--- a/cmd/csaf_provider/create.go
+++ b/cmd/csaf_provider/create.go
@ -43,7 +43,13 @@ func ensureFolders(c *config) error {
 		}
 	}

-	return setupSecurity(c, wellknown)
+	// Only write/modify security.txt if configured.
+	if c.WriteSecurity {
+		if err := setupSecurity(c, wellknown); err != nil {
+			return err
+		}
+	}
+	return nil
 }

 // createWellknown creates ".well-known" directory if not exist and returns nil.
--- a/docs/csaf_aggregator.md
+++ b/docs/csaf_aggregator.md
@ -78,8 +78,7 @@ web                   // directory to be served by the webserver
 domain                // base url where the contents will be reachable from outside
 rate                  // overall downloading limit per worker
 insecure              // do not check validity of TLS certificates
-aggregator            // table with basic infos for the aggregator object
-providers             // array of tables, each entry to be mirrored or listed
+write_indices         // write index.txt and changes.csv
 openpgp_private_key   // OpenPGP private key
 openpgp_public_key    // OpenPGP public key
 passphrase            // passphrase of the OpenPGP key
@ -88,6 +87,8 @@ interim_years         // limiting the years for which interim documents are sear
 verbose               // print more diagnostic output, e.g. https request
 allow_single_provider // debugging option
 remote_validator      // use remote validation checker
+aggregator            // table with basic infos for the aggregator object
+providers             // array of tables, each entry to be mirrored or listed
 ```

 Rates are specified as floats in HTTPS operations per second.
@ -99,6 +100,7 @@ name
 domain
 rate
 insecure
+write_indices
 ```

 #### Example config file
@ -112,6 +114,13 @@ web = "/var/csaf_aggregator/html"
 domain = "https://localhost:9443"
 rate = 10.0
 insecure = true
+#key =
+#passphrase =
+#write_indices = false
+
+# specification requires at least two providers (default),
+# to override for testing, enable:
+# allow_single_provider = true

 [aggregator]
  category = "aggregator"
@ -131,12 +140,6 @@ insecure = true
  domain = "localhost"
 #  rate = 1.2
 #  insecure = true
-
-#key =
-#passphrase =
-
-# specification requires at least two providers (default),
-# to override for testing, enable:
-# allow_single_provider = true
+  write_indices = true
 ```
 <!-- MARKDOWN-AUTO-DOCS:END -->
--- a/docs/csaf_provider.md
+++ b/docs/csaf_provider.md
@ -21,6 +21,8 @@ Following options are supported in the config file:
 - dynamic_provider_metadata: Take the publisher from the CSAF document. Default: `false`.
 - upload_limit: Set the upload limit size of a file in bytes. Default: `52428800` (aka 50 MiB).
 - issuer: The issuer of the CA, which if set, restricts the writing permission and the accessing to the web-interface to only the client certificates signed with this CA.
+ - write_indices: Write/update `index.txt` and `changes.csv`. Default: false
+ - write_security: Write `CSAF:` entry into `security.txt`: Default: false
 - tlps: Set the allowed TLP comming with the upload request (one or more of "csaf", "white", "amber", "green", "red").
   The "csaf" selection lets the provider takes the value from the CSAF document.
   These affects the list items in the web interface.
--- a/docs/examples/aggregator.toml
+++ b/docs/examples/aggregator.toml
@ -5,6 +5,13 @@ web = "/var/csaf_aggregator/html"
 domain = "https://localhost:9443"
 rate = 10.0
 insecure = true
+#key =
+#passphrase =
+#write_indices = false
+
+# specification requires at least two providers (default),
+# to override for testing, enable:
+# allow_single_provider = true

 [aggregator]
  category = "aggregator"
@ -24,11 +31,4 @@ insecure = true
  domain = "localhost"
 #  rate = 1.2
 #  insecure = true
-
-#key =
-#passphrase =
-
-# specification requires at least two providers (default),
-# to override for testing, enable:
-# allow_single_provider = true
-
+  write_indices = true