Added default publisher if not configured. Warning if uploads don't have the same publisher as in metadata.

2025-12-22 11:55:40 +01:00 · 2021-12-02 10:51:25 +01:00 · 2021-12-02 10:51:25 +01:00 · f77bb5f1a8
commit f77bb5f1a8
parent e5a6a8e2da
4 changed files with 66 additions and 8 deletions
--- a/cmd/csaf_provider/config.go
+++ b/cmd/csaf_provider/config.go
@ -113,5 +113,13 @@ func loadConfig() (*config, error) {
 		cfg.OpenPGPURL = defaultOpenPGPURL
 	}

+	if cfg.Publisher == nil {
+		cfg.Publisher = &csaf.Publisher{
+			Category:  func(c csaf.Category) *csaf.Category { return &c }(csaf.CSAFCategoryVendor),
+			Name:      func(s string) *string { return &s }("ACME"),
+			Namespace: func(s string) *string { return &s }("https://example.com"),
+		}
+	}
+
 	return &cfg, nil
 }
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@ -215,6 +215,9 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	var warnings []string
+	warn := func(msg string) { warnings = append(warnings, msg) }
+
 	if err := doTransaction(
 		c.cfg, t,
 		func(folder string, pmd *csaf.ProviderMetadata) error {
@ -328,14 +331,23 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 			}

 			// Take over publisher
-			// TODO: Check for conflicts.
-			pmd.Publisher = ex.publisher
+			switch {
+			case pmd.Publisher == nil:
+				warn("Publisher in provider metadata is not initialized. Forgot to configure?")
+				if c.cfg.DynamicProviderMetaData {
+					warn("Taking publisher from CSAF")
+					pmd.Publisher = ex.publisher
+				}
+			case !pmd.Publisher.Equals(ex.publisher):
+				warn("Publishers in provider metadata and CSAF do not match.")
+			}

 			keyID, fingerprint := key.GetHexKeyID(), key.GetFingerprint()
 			pmd.SetPGP(fingerprint, c.cfg.GetOpenPGPURL(keyID))

 			return nil
-		}); err != nil {
+		},
+	); err != nil {
 		c.failed(rw, "upload.html", err)
 		return
 	}
@ -343,6 +355,7 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 	result := map[string]interface{}{
 		"Name":        newCSAF,
 		"ReleaseDate": ex.currentReleaseDate.Format(dateFormat),
+		"Warnings":    warnings,
 	}

 	c.render(rw, "upload.html", result)
--- a/cmd/csaf_provider/tmpl/upload.html
+++ b/cmd/csaf_provider/tmpl/upload.html
@ -14,6 +14,16 @@
      <tr><td>CSAF file:</td><td><tt>{{ .Name }}</tt></td></tr>
      <tr><td>Release date:</td><td><tt>{{ .ReleaseDate }}</tt></td></tr>
    </table>
+    {{ if .Warnings }}
+    <p>
+    Warning(s):
+    <ul>
+      {{ range .Warnings }}
+      <li>{{ . }}</li>
+      {{ end }}
+    </ul>
+    </p>
+    {{ end }}
    {{ end }}
    <br>
    <a href="/cgi-bin/csaf_provider.go/">Back</a>: