You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: specs/file_hierarchy_for_the_verification_of_os_artifacts.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -125,7 +125,7 @@ The existence of multiple load paths allows system administrators and users to d
125
125
126
126
#### System mode
127
127
128
-
The priority of load paths in system mode follows the definition of ["Storage Directories and Overrides" in the Configuration Files Sepcification], which is also reflected in the following list of paths:
128
+
The priority of load paths in system mode follows the definition of ["Storage Directories and Overrides" in the Configuration Files Specification], which is also reflected in the following list of paths:
129
129
130
130
-`/etc/voa/`
131
131
-`/run/voa/`
@@ -155,7 +155,7 @@ VOA implementations must not consider symlinks under the following conditions an
155
155
156
156
- the symlink is for a file or directory in an ephemeral load path (i.e. `/run/voa/` and `$XDG_RUNTIME_DIR/voa/`),
157
157
- the symlink is for a file or directory outside of the specified _load paths_,
158
-
- the symlink is broken (aka. "dangling"),
158
+
- the symlink is broken (a.k.a. "dangling"),
159
159
- the file name of the symlink (also those of intermediate symlinks in the case of a symlink chain) does not match that of the target,
160
160
- or the file type of the source and target of the fully resolved symlink do not match (e.g. a verifier file points to a directory, or a directory to a verifier file).
161
161
@@ -229,7 +229,7 @@ Each of the following identifiers represents a subdirectory layer in that hierar
229
229
The _os_ identifier is used to uniquely identify an Operating System (OS).
230
230
231
231
The identifier relies on data provided by the ubiquitous [os-release].
232
-
The following keywords are understood and their value format follows that established by [os-release] (i.e. no spaces and no characters outside of `0–9`, `a–z`, `"."`, `"_"` and `"-"` are allowed):
232
+
The following keywords are understood and their value format follows that established by [os-release] (i.e. no spaces and no characters outside of `0–9`, `a–z`, `"."`, `"_"`, and `"-"` are allowed):
233
233
234
234
-`ID`: name of OS (e.g. `arch` or `debian`)
235
235
-`VERSION_ID`: the version of the OS (e.g. `1.0.0` or `24.12`)
@@ -280,7 +280,7 @@ Either two or one _purpose_ directories may exist per _role_:
280
280
- One directory which contains _artifact verifiers_ (e.g. `package`), and a second directory which contains the corresponding _trust anchors_ (e.g. `trust-anchor-package`).
281
281
- Just one directory which contains _artifact verifiers_ (e.g. `package`).
282
282
283
-
The _purpose_ directory name must not contain characters outside of `0–9`, `a–z`, `"."`, `"_"` and `"-"`.
283
+
The _purpose_ directory name must not contain characters outside of `0–9`, `a–z`, `"."`, `"_"`, and `"-"`.
284
284
VOA implementations must not consider invalid directories and should raise a warning if such a directory is encountered.
285
285
286
286
##### Two purpose directories: Verification relying on trust anchors
@@ -339,7 +339,7 @@ Specific examples for **context** are
339
339
340
340
If no specific context is required, the **context** directory `default` must be used.
341
341
342
-
Analogous to the os-release data, **context** strings may only contain `[a-z]`, `[0-9]`, `_`, `.` and `-`.
342
+
Analogous to the os-release data, **context** strings may only contain `[a-z]`, `[0-9]`, `_`, `.`, and `-`.
343
343
344
344
For more in-depth discussion on the use of the _context_ identifier, see the [examples] section.
345
345
@@ -358,7 +358,7 @@ Further specification work is required before implementing further technologies.
358
358
Each technology specifies file suffixes for verifiers.
359
359
Note that these suffixes may overlap.
360
360
361
-
A _technology_ directory name must not contain characters outside of `0–9`, `a–z`, `"."`, `"_"` and `"-"`.
361
+
A _technology_ directory name must not contain characters outside of `0–9`, `a–z`, `"."`, `"_"`, and `"-"`.
362
362
VOA implementations must not consider invalid directories and should raise a warning if such a directory is encountered.
363
363
364
364
#### OpenPGP
@@ -367,7 +367,7 @@ VOA implementations must not consider invalid directories and should raise a war
367
367
368
368
This technology is named `openpgp` in the VOA structure.
369
369
370
-
Most Linux distributions use OpenPGP, often combined with _PGPKI_ (aka. [Web of Trust (WoT)]), in which chains of trust are evaluated during signature validation.
370
+
Most Linux distributions use OpenPGP, often combined with _PGPKI_ (a.k.a. [Web of Trust (WoT)]), in which chains of trust are evaluated during signature validation.
371
371
372
372
OpenPGP has a rich model of validity, both for certificates and signatures.
373
373
Certificates can expire or be revoked by the key holder (via [OpenPGP certificate revocation]).
@@ -614,7 +614,7 @@ If the need arises, this specification should be extended accordingly.
0 commit comments