SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
gocsaf/docs/csaf_provider.md
Sascha L. Teichmann 69f0f3499a
Change openpgp key providing code to use local directory 
* Adjust provider and aggregator to copy the used openpgp pubkey into a locally
  provided directory `openpgp` beside the `prodiver-metadata.json`.
  This more robust and self-reliant than using a public pubkey server,
  which is the reason why the CSAF 2.0 csd02 mentions it as example in
  "7.1.20 Requirement 20: Public OpenPGP Key".
 * Improve aggregator by removing a typo `aggreator` from one written paths.
   (Done with this change as it also affects the openpgp/ paths writing.)

solve #85
2022-06-09 10:42:44 +02:00

2.2 KiB
Raw Blame History

csaf_provider implements the CGI interface for webservers and reads its configuration from a TOML file. The setup docs explain how to wire this up with nginx and where the config file lives.

Provider options

Following options are supported in the config file:

  • password: Authentication password for accessing the CSAF provider.
  • openpgp_public_key: The public OpenPGP key. Default: /ust/lib/csaf/openpgp_public.asc
  • openpgp_private_key: The private OpenPGP key. Default: /ust/lib/csaf/openpgp_private.asc
  • folder: Specify the root folder. Default: /var/www/.
  • web: Specify the web folder. Default: /var/www/html.
  • tlps: Set the allowed TLP comming with the upload request (one or more of "csaf", "white", "amber", "green", "red"). The "csaf" selection lets the provider takes the value from the CSAF document. These affects the list items in the web interface. Default: ["csaf", "white", "amber", "green", "red"].
  • upload_signature: Send signature with the request, an additional input-field in the web interface will be shown to let user enter an ascii armored signature. Default: false.
  • canonical_url_prefix: start of the URL where contents shall be accessible from the internet. Default: https://$SERVER_NAME.
  • no_passphrase: Let user send password with the request, if set to true the input-field in the web interface will be disappeared. Default: false.
  • no_validation: Validate the uploaded CSAF document against the JSON schema. Default: false.
  • no_web_ui: Disable the web interface. Default: false.
  • dynamic_provider_metadata: Take the publisher from the CSAF document. Default: false.
  • provider_metadata: Configure the provider metadata.
  • provider_metadata.list_on_CSAF_aggregators: List on aggregators
  • provider_metadata.mirror_on_CSAF_aggregators: Mirror on aggregators
  • provider_metadata.publisher: Set the publisher. Default: {"category"= "vendor", "name"= "Example", "namespace"= "https://example.com"}.
  • upload_limit: Set the upload limit size of the file. Default: 50 MiB.
  • issuer: The issuer of the CA, which if set, restricts the writing permission and the accessing to the web-interface to only the client certificates signed with this CA.