
[taler-exchange] branch master updated: work on Debian package: extend p


From: gnunet
Subject: [taler-exchange] branch master updated: work on Debian package: extend pre-configuration, add reverse proxy setup logic, add database setup logic (untested)
Date: Fri, 01 Jan 2021 20:44:01 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 90d4bc95 work on Debian package: extend pre-configuration, add reverse 
proxy setup logic, add database setup logic (untested)
90d4bc95 is described below

commit 90d4bc9519507c64ad5c0a604140fcf00a9702ee
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Jan 1 20:43:59 2021 +0100

    work on Debian package: extend pre-configuration, add reverse proxy setup 
logic, add database setup logic (untested)
---
 debian/conf/apache.conf                        |  4 ++
 debian/conf/nginx.conf                         |  7 +++
 debian/control                                 |  1 +
 debian/db/install/pgsql                        |  2 +
 debian/db/upgrade/pgsql                        |  2 +
 debian/etc/taler-exchange-db.conf              |  3 +
 debian/etc/{taler.conf => taler-exchange.conf} |  7 +++
 debian/etc/taler-wire.conf                     |  1 +
 debian/taler-exchange.config                   |  7 ++-
 debian/taler-exchange.install                  |  5 +-
 debian/taler-exchange.postinst                 | 86 +++++++++++++++++++++-----
 debian/taler-exchange.postrm                   | 41 +++++++++++-
 debian/taler-exchange.prerm                    | 17 +++++
 debian/taler-exchange.templates                | 19 +++---
 14 files changed, 172 insertions(+), 30 deletions(-)

diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
new file mode 100644
index 00000000..3cfbf9ed
--- /dev/null
+++ b/debian/conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-exchange/">
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/";
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
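Review bot: The `ProxyPass` line ends in a `;`, which is nginx syntax; Apache directives take no terminator, so the stray token is likely to make the configuration test fail once this snippet is enabled. `RequestHeader add` also appends to whatever `X-Forwarded-Proto` the client sent instead of replacing it, so a client-chosen value can reach the exchange alongside the proxy's; `RequestHeader set "X-Forwarded-Proto" "https"` overwrites it. The `http://example.com/` part is a placeholder, and nothing in this commit substitutes the real host name, so a comment saying it must be edited would help.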
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
new file mode 100644
index 00000000..2921c999
--- /dev/null
+++ b/debian/conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+         proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;
+         proxy_redirect off;
+         proxy_set_header Host $host;
+         proxy_set_header X-Forwarded-Host "example.com";
+         proxy_set_header X-Forwarded-Proto "https";
+}
\ No newline at end of file
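Review bot: `X-Forwarded-Host` is pinned to the placeholder `example.com` and `X-Forwarded-Proto` to `"https"` regardless of how the request actually arrived, and nothing in this commit rewrites either value at install time. If the exchange derives its public URLs or scheme decisions from these headers, a plain-HTTP listener that includes this snippet would be reported as HTTPS. Consider `proxy_set_header X-Forwarded-Proto $scheme;` and a comment at the top of the file telling the administrator to replace `example.com` with the real host name.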
diff --git a/debian/control b/debian/control
index d5047855..873bed6a 100644
--- a/debian/control
+++ b/debian/control
@@ -54,6 +54,7 @@ Depends:
  adduser,
  lsb-base,
  netbase,
+ dbconfig-pgsql | dbconfig-no-thanks,
  python3-jinja2,
  ${misc:Depends},
  ${shlibs:Depends}
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
new file mode 100644
index 00000000..0740e0d1
--- /dev/null
+++ b/debian/db/install/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf
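Review bot: Both new dbconfig-common hooks (this one and debian/db/upgrade/pgsql) pass `-c /etc/taler.conf`, but this commit renames the packaged file to `taler-exchange.conf` and drops `etc/taler.conf` from taler-exchange.install, so that path is no longer shipped by this package. The line should read `taler-exchange-dbinit -c /etc/taler-exchange.conf`. It is also worth confirming which account dbconfig-common runs these hooks as, since the shipped default `postgres:///taler-exchange` presumably relies on the caller's local database identity.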
diff --git a/debian/db/upgrade/pgsql b/debian/db/upgrade/pgsql
new file mode 100644
index 00000000..0740e0d1
--- /dev/null
+++ b/debian/db/upgrade/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf
diff --git a/debian/etc/taler-exchange-db.conf 
b/debian/etc/taler-exchange-db.conf
new file mode 100644
index 00000000..b894671d
--- /dev/null
+++ b/debian/etc/taler-exchange-db.conf
@@ -0,0 +1,3 @@
+[taler-exchangdb-postgres]
+
+CONFIG = postgres:///taler-exchange
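Review bot: The section header `[taler-exchangdb-postgres]` looks misspelled: the postinst in this same commit writes the connection string to section `exchangedb-postgres`, so this default `CONFIG` sits in a section that nothing else in the commit refers to. Renaming it to `[exchangedb-postgres]` keeps the shipped default and the generated value in one place. Because postinst later stores the database password in this file, a header comment such as `# Holds database credentials; rewritten by the package postinst, keep mode 0440.` would tell administrators not to loosen its permissions.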
diff --git a/debian/etc/taler.conf b/debian/etc/taler-exchange.conf
similarity index 59%
rename from debian/etc/taler.conf
rename to debian/etc/taler-exchange.conf
index 4d721e02..4a806959 100644
--- a/debian/etc/taler.conf
+++ b/debian/etc/taler-exchange.conf
@@ -1,5 +1,12 @@
+@INLINE@ /etc/taler-exchange-db.conf
+
 [PATHS]
 
 # Move runtime data "tmp" directory to /var/lib/taler-exchange/
 # to possibly provide additional protection from unwarranted access.
 TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+[exchange]
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-exchange/exchange.sock
+DATABASE = postgres
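Review bot: The new `[exchange]` section sets `DATABASE = postgres`, while the postinst in this commit sets option `DB` in the same section via `taler-config -s "exchange" -o "DB"`; only one of these names can be the key the exchange reads, so one of the two settings is likely ignored. Aligning them, presumably as `DB = postgres`, avoids a silent fallback to a default backend. The socket under /var/lib/taler-exchange/ must also be reachable by the web server account for the proxy snippets to work, and nothing in this commit documents or arranges that.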
diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf
new file mode 100644
index 00000000..f30fe077
--- /dev/null
+++ b/debian/etc/taler-wire.conf
@@ -0,0 +1 @@
+@INLINE@ /etc/taler-exchange-db.conf
diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config
index 9cb12cd7..1afcf358 100644
--- a/debian/taler-exchange.config
+++ b/debian/taler-exchange.config
@@ -22,7 +22,10 @@ db_go
 db_input low taler-exchange/groupname || true
 db_go
 
-db_input medium taler-exchange/autostart || true
-db_go
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/config.pgsql
+    dbc_go taler-exchange "$@"
+fi
+
 
 db_stop
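Review bot: The new `taler-exchange/dbgroupname` template is read by postinst, but this hunk, the only change to the config script, adds no `db_input` for it, so the administrator is never asked and the value can only be changed by preseeding. If that is intended, a comment saying so would help; otherwise add `db_input low taler-exchange/dbgroupname || true` followed by `db_go` next to the existing `groupname` question. The script's earlier lines are outside this hunk.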
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index d3ceccc1..a6486f38 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,3 +1,6 @@
-etc/taler.conf
 usr/bin/
 usr/lib/*/taler/*.so
+debian/etc/* etc/
+debian/db/install/* usr/share/dbconfig-common/scripts/taler-exchange/install/
+debian/db/upgrade/* usr/share/dbconfig-common/scripts/taler-exchange/upgrade/
+debian/conf/* etc/taler-exchange/
\ No newline at end of file
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index cfaf04a4..8256e886 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -2,6 +2,27 @@
 
 set -e
 
+
+apache_install() {
+       mkdir -p /etc/apache2/conf-available
+    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
+    then
+           cp /etc/taler-exchange/apache.conf 
/etc/apache2/conf-available/taler-exchange.conf
+    fi
+    a2enmod proxy
+    a2enmod proxy_http
+    a2enmod headers
+}
+
+
+nginx_install() {
+       mkdir -p /etc/nginx/conf-available
+    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
+    then
+           cp /etc/taler-exchange/nginx.conf 
/etc/nginx/conf-available/taler-exchange.conf
+    fi
+}
+
 . /usr/share/debconf/confmodule
 
 case "${1}" in
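Review bot: `nginx_install` tests `/etc/apache2/conf-available/taler-exchange.conf` before copying, an apparent copy-paste from `apache_install`; on a host that has the Apache snippet but not the nginx one the copy is skipped, and otherwise an administrator-edited nginx snippet is overwritten on every run. The guard should be `if [ ! -f /etc/nginx/conf-available/taler-exchange.conf ];`. Neither function is called anywhere in the hunks shown, and `apache_install` runs `a2enmod` unconditionally, which would abort the script under `set -e` on a system without Apache once it is wired in. A short comment above each function stating when it is meant to be invoked would make the intent clear.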
@@ -26,16 +47,13 @@ case "${1}" in
                db_get taler-exchange/groupname
                _GROUPNAME="${RET:-taler-private}"
 
-               db_get taler-exchange/autostart
-               _AUTOSTART="${RET}" # boolean
+               db_get taler-exchange/dbgroupname
+               _DBGROUPNAME="${RET:-taler-exchange-db}"
 
                db_stop
 
-               CONFIG_FILE="/etc/default/taler"
-
-               # Read default values
+               CONFIG_FILE="/etc/default/taler-exchange"
                TALER_HOME="/var/lib/taler-exchange"
-               eval $(grep TALER_HOME /etc/taler.conf | tr -d '[:blank:]')
 
                # Creating taler group if needed
                if ! getent group ${_GROUPNAME} > /dev/null
@@ -50,6 +68,7 @@ case "${1}" in
                then
                        echo -n "Creating new Taler user ${_EUSERNAME}:"
                        adduser --quiet --system --ingroup ${_GROUPNAME} --home 
${TALER_HOME}/httpd ${_EUSERNAME}
+            adduser ${_EUSERNAME} ${_DBGROUPNAME}
                        echo " done."
                fi
                if ! getent passwd ${_RSECUSERNAME} > /dev/null
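Review bot: `adduser ${_EUSERNAME} ${_DBGROUPNAME}` assumes the database group already exists, but no hunk in this commit creates it, so on a fresh install the call is likely to fail and abort the postinst under `set -e`; the same applies to the wire and aggregator users in the following hunk. A guard before the user blocks, for example `getent group "${_DBGROUPNAME}" >/dev/null || addgroup --quiet --system "${_DBGROUPNAME}"`, would cover it. The membership call also sits inside the `if ! getent passwd …` branch, so on upgrade, where the accounts already exist, they are never added to the group and lose read access to the 0440 database config. The enclosing `if` blocks begin outside the hunk.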
@@ -68,12 +87,14 @@ case "${1}" in
                then
                        echo -n "Creating new Taler user ${_WIREUSERNAME}:"
                        adduser --quiet --system --home ${TALER_HOME}/wire 
${_WIREUSERNAME}
+            adduser ${_WIREUSERNAME} ${_DBGROUPNAME}
                        echo " done."
                fi
                if ! getent passwd ${_AGGRUSERNAME} > /dev/null
                then
                        echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
                        adduser --quiet --system --home 
${TALER_HOME}/aggregator ${_AGGRUSERNAME}
+            adduser ${_AGGRUSERNAME} ${_DBGROUPNAME}
                        echo " done."
                fi
 
@@ -92,7 +113,6 @@ TALER_ESECUSER=${_ESECUSERNAME}
 TALER_WIREUSER=${_WIREUSERNAME}
 TALER_AGGRUSER=${_AGGRUSERNAME}
 TALER_GROUP=${_GROUPNAME}
-TALER_AUTOSTART="${_AUTOSTART}"
 EOF
 
 cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
@@ -103,11 +123,11 @@ Wants=taler-exchange-wirewatch taler-exchange-aggregator 
taler-exchange-transfer
 After=postgres.service network.target
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_EUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
 
 [Install]
 WantedBy=multi-user.target
@@ -118,11 +138,11 @@ cat > 
"/etc/systemd/system/taler-exchange-helper-rsa.service" <<EOF
 Description=GNU Taler payment system exchange RSA security module
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler.conf
+ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler-exchange.conf
 
 [Install]
 WantedBy=multi-user.target
@@ -132,11 +152,11 @@ cat > 
"/etc/systemd/system/taler-exchange-helper-eddsa.service" <<EOF
 Description=GNU Taler payment system exchange EdDSA security module
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_ESECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler.conf
+ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler-exchange.conf
 EOF
 cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
 [Unit]
@@ -144,7 +164,7 @@ Description=GNU Taler payment system exchange wirewatch 
service
 After=network.target
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
@@ -156,7 +176,7 @@ Description=GNU Taler payment system exchange transfer 
service
 After=network.target
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
@@ -167,7 +187,7 @@ cat > 
"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
 Description=GNU Taler payment system exchange aggregator service
 
 [Service]
-EnvironmentFile=/etc/default/taler
+EnvironmentFile=/etc/default/taler-exchange
 User=${_AGGRUSERNAME}
 Type=simple
 Restart=on-failure
@@ -184,6 +204,40 @@ EOF
         chmod 770 /var/lib/taler-exchange/tmp
         chmod +s /var/lib/taler-exchange/tmp
 
+        # Setup postgres database (needs dbconfig-pgsql package)
+        if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
+            . /usr/share/dbconfig-common/dpkg/postinst.pgsql
+            # dbc_dbfile_* should not apply for Postgres, but better be safe...
+            dbc_dbfile_owner="${_EUSERNAME}:${_DBGROUPNAME}"
+            dbc_dbfile_perms="0660"
+            dbc_pgsql_createdb_encoding="UTF8"
+            dbc_go taler-exchange "$@"
+        fi
+        # get database settings from dbconfig-common
+        if [ -f /etc/dbconfig-common/taler-exchange.conf ]; then
+            . /etc/dbconfig-common/taler-exchange.conf
+            case "$dbc_dbtype" in
+                pgsql)
+                    taler-config -c /etc/taler-exchange-db.conf \
+                                 -s "exchangedb-postgres" \
+                                 -o "CONFIG" \
+                                 -V 
"postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname"
+                    taler-config -c /etc/taler-exchange-db.conf \
+                                 -s "exchange" \
+                                 -o "DB" \
+                                 -V "postgres"
+                    chown ${_EUSERNAME}:${_DBGROUPNAME} 
/etc/taler-exchange-db.conf
+                    chmod 440 /etc/taler-exchange-db.conf
+                ;;
+                "")
+                ;;
+                *)
+                    echo "Unsupported database type $dbc_type."
+                    exit 1
+                    ;;
+            esac
+        fi
+
                # Cleaning
                rm -f "${CONFIG_NEW}"
                echo "All done."
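Review bot: The database password is handled loosely in the `pgsql)` branch: it is interpolated into the `-V "postgres://$dbc_dbuser:$dbc_dbpass@…"` argument, so it is visible in the process list while `taler-config` runs, and the file is only restricted by `chmod 440` after the secret has been written. Moving the `chown`/`chmod 440` pair ahead of the first `taler-config` call closes the window in which /etc/taler-exchange-db.conf is readable under its installed mode (worth confirming that taler-config preserves the mode when it rewrites the file). A password containing `@`, `/` or `:` would also produce a malformed URI, because it is not percent-encoded. Separately, the fallback branch prints `$dbc_type`, which is never set; it should be `echo "Unsupported database type $dbc_dbtype."`. The enclosing `case "${1}"` block starts outside this hunk.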
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
index e2cba9d4..3843294e 100644
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@@ -15,6 +15,43 @@ pathfind() {
        return 1
 }
 
+apache_remove() {
+    if [ diff /etc/taler-exchange/apache.conf 
/etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
+    then
+           rm -f /etc/apache2/conf-available/taler-exchange.conf
+    fi
+}
+
+nginx_remove() {
+    if [ diff /etc/taler-exchange/nginx.conf 
/etc/nginx/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
+    then
+           rm -f /etc/nginx/conf-available/taler-exchange.conf
+    fi
+}
+
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+    dbc_go taler-exchange "$@"
+fi
+
+
+if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
+       if [ -f /usr/share/debconf/confmodule ]; then
+               db_version 2.0
+               db_get taler-exchange/reconfigure-webserver
+               webservers="$RET"
+               for webserver in $webservers; do
+                       webserver=${webserver%,}
+                       if [ "$webserver" = "nginx" ] ; then
+                               nginx_remove
+                       else
+                               apache_remove
+                       fi
+               done
+       fi
+fi
+
+
 case "${1}" in
        purge)
                if [ -e /usr/share/debconf/confmodule ]
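Review bot: `apache_remove` and `nginx_remove` wrap the `diff` invocation in `[ … ]`, so `test` receives the word `diff` and the two paths as operands instead of running the comparison; the error is hidden by `2>&1`, the condition is always false, and the installed proxy snippet is never removed. Run the command directly, e.g. `if diff -q /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1; then`, and likewise for nginx. Further down, `db_version` and `db_get` are called after only testing that /usr/share/debconf/confmodule exists, and the visible lines never source it. They also read `taler-exchange/reconfigure-webserver`, for which this commit adds no template. Any value other than `nginx` falls through to `apache_remove`, so an explicit `apache2)` match would be safer.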
@@ -48,8 +85,6 @@ case "${1}" in
                        _GROUPNAME="taler-private"
                fi
 
-               TALERDNS_GROUP="talerdns"
-
                if pathfind deluser
                then
                        deluser --quiet --system ${_EUSERNAME} || true
@@ -64,7 +99,7 @@ case "${1}" in
                        delgroup --quiet --system --only-if-empty ${_GROUPNAME} 
|| true
                fi
 
-               rm -rf /var/log/taler/ /var/lib/taler /etc/default/taler
+               rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange 
/etc/default/taler-exchange
                ;;
 
        remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/debian/taler-exchange.prerm b/debian/taler-exchange.prerm
new file mode 100644
index 00000000..88a747cb
--- /dev/null
+++ b/debian/taler-exchange.prerm
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+
+if [ -f /usr/share/debconf/confmodule ]; then
+    . /usr/share/debconf/confmodule
+fi
+. /usr/share/dbconfig-common/dpkg/prerm
+
+if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/prerm.pgsql
+    dbc_go taler-exchange "$@"
+fi
+
+db_stop
+exit 0
\ No newline at end of file
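Review bot: `. /usr/share/dbconfig-common/dpkg/prerm` is sourced unconditionally, yet the dependency added in debian/control can be satisfied by `dbconfig-no-thanks`, in which case that file is presumably absent and the failing `.` aborts the prerm, blocking removal of the package. The guarded `prerm.pgsql` block below is the usual entry point, so the unconditional line can probably be dropped. `db_stop` has the same problem in the other direction: it runs even when confmodule was not sourced by the conditional at the top. Guard both, e.g. by moving `db_stop` inside the first `if`.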
diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates
index 8cc9d1d4..43c3524e 100644
--- a/debian/taler-exchange.templates
+++ b/debian/taler-exchange.templates
@@ -46,7 +46,7 @@ _Description: Taler user:
 
 Template: taler-exchange/groupname
 Type: string
-Default: taler
+Default: taler-private
 _Description: Taler group:
  Please choose the group that the Taler exchange and security
  modules will run as.
@@ -55,10 +55,13 @@ _Description: Taler group:
  Only the members of this group will have access to Taler private
  online signing keys.
 
-Template: taler-exchange/autostart
-Type: boolean
-Default: true
-_Description: Should the Taler exchange be launched on boot?
- If you choose this option, a Taler exchange will be launched each time
- the system is started. Otherwise, you will need to launch
- Taler each time you want to use it.
+
+Template: taler-exchange/dbgroupname
+Type: string
+Default: taler-exchange-db
+_Description: Taler group:
+ Please choose the group that the Taler users with database access
+ should be in.
+ .
+ This should be a dedicated group, not one that already owns data.
+ Only the members of this group will have access to Taler database.
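Review bot: The new `taler-exchange/dbgroupname` template reuses the short description `Taler group:` from `taler-exchange/groupname`, so an administrator sees two identically titled prompts guarding different things (signing keys versus database credentials). Something like `_Description: Taler database group:` distinguishes them, and the last sentence reads better as `Only the members of this group will have access to the Taler database.`. The postrm in this commit also reads `taler-exchange/reconfigure-webserver`, which has no template here.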

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


