* Change comment to better indicate setting in nginx example conf
which serves the TLP != white locations of the prodiver.
We do advertise them in the provider-metadata.json, but we still
want to use 404 to not reveal more about the directory contents.
* Improve aggregator setup docs
* Add hints how to serve the aggregator output using nginx.
* Add hint that the permission of the aggregator config file should be
restricted.
* Add a setuid bit to the aggregator integration test script
to easy manual serving.
* Wording
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Adjust provider and aggregator to copy the used openpgp pubkey into a locally
provided directory `openpgp` beside the `prodiver-metadata.json`.
This more robust and self-reliant than using a public pubkey server,
which is the reason why the CSAF 2.0 csd02 mentions it as example in
"7.1.20 Requirement 20: Public OpenPGP Key".
* Improve aggregator by removing a typo `aggreator` from one written paths.
(Done with this change as it also affects the openpgp/ paths writing.)
solve #85
* Implement a logging client and activate it using verbose parameter or option
in checker and aggregator.
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Decouple loading of provider metadata from processor and moved in the base library.
* Integrate new code into checker and aggregator
* Adhere to csd02 revision of CSAF 2.0.
resolve #60
* Add general hints that this example only shows how the components
work together and that a GNU/Linux admin should be consulted for
a secure setup.
* Adjust the scripts that setup a testing instance to use better
permissions as good example.
* Add a section about security considerations.
* Add util function to check a filename for confirming to csaf-v2.0-csd02.
* Add code to reject bad filenames in provider, checker, aggregator and uploader.
* Make it dynamic by the domain given for the check.
* Change reporting text to be more clear about which is the dynamic
part (in lack of direct access to the path which was checked.)
