[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: fix #6673: fix access rights on
|
From: |
gnunet |
|
Subject: |
[taler-merchant] branch master updated: fix #6673: fix access rights on package install |
|
Date: |
Sat, 02 Jan 2021 21:21:37 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 0ccc6504 fix #6673: fix access rights on package install
0ccc6504 is described below
commit 0ccc6504209c155ee036893288ac0bc7e988d43a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Jan 2 21:21:34 2021 +0100
fix #6673: fix access rights on package install
---
debian/conf/apache.conf | 2 +-
debian/conf/nginx.conf | 4 ++--
debian/db/install/pgsql | 5 +++++
debian/etc/taler-merchant.conf | 2 +-
debian/taler-merchant.config | 4 ++++
debian/taler-merchant.postinst | 2 +-
debian/taler-merchant.postrm | 2 ++
src/merchant-tools/taler-merchant-dbinit.c | 2 +-
8 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
index e25d54c7..e11f6d82 100644
--- a/debian/conf/apache.conf
+++ b/debian/conf/apache.conf
@@ -3,6 +3,6 @@ RewriteEngine On
RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
RewriteRule "(.+)/private/" "-" [F]
-ProxyPass "unix:/var/lib/taler-merchant/merchant.sock|http://example.com/";
+ProxyPass
"unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/";
RequestHeader add "X-Forwarded-Proto" "https"
</Location>
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
index a57a2e19..82aaa306 100644
--- a/debian/conf/nginx.conf
+++ b/debian/conf/nginx.conf
@@ -2,7 +2,7 @@ location ~ /taler-merchant/private/ {
if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
return 401;
}
- proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
@@ -10,7 +10,7 @@ location ~ /taler-merchant/private/ {
}
location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
index 8173aeff..a69ac671 100755
--- a/debian/db/install/pgsql
+++ b/debian/db/install/pgsql
@@ -45,6 +45,11 @@ if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then
. /etc/dbconfig-common/taler-merchant.conf
case "$dbc_dbtype" in
pgsql)
+ echo "GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA
public TO \"$dbc_dbuser\";" \
+ | sudo -u postgres psql "postgres:///$dbc_dbname"
+ echo "GRANT SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO
\"$dbc_dbuser\";" \
+ | sudo -u postgres psql "postgres:///$dbc_dbname"
+
taler-config -w \
-c /etc/taler-merchant.conf \
-s "merchantdb-postgres" \
diff --git a/debian/etc/taler-merchant.conf b/debian/etc/taler-merchant.conf
index ef4c1f52..60e2b72d 100644
--- a/debian/etc/taler-merchant.conf
+++ b/debian/etc/taler-merchant.conf
@@ -4,5 +4,5 @@ CURRENCY = KUDOS
[merchant]
SERVE = UNIX
-UNIXPATH = /var/lib/taler-merchant/merchant.sock
+UNIXPATH = /var/lib/taler-merchant/httpd/merchant.sock
DATABASE = postgres
diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config
index 6eac093d..35d901ce 100644
--- a/debian/taler-merchant.config
+++ b/debian/taler-merchant.config
@@ -28,6 +28,10 @@ dbc_authmethod_user=ident
dbc_authmethod_admin=ident
+db_get taler-merchant/username
+_USERNAME="${RET:-taler-merchant-httpd}"
+dbc_dbuser=${_USERNAME}
+
if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/config.pgsql
diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst
index dfd3e3de..54268d24 100644
--- a/debian/taler-merchant.postinst
+++ b/debian/taler-merchant.postinst
@@ -25,7 +25,7 @@ apache_install() {
# 1st argument will be the SECURITYTOKEN to use.
nginx_install() {
mkdir -p /etc/nginx/conf-available
- if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ];
+ if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ];
then
cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/"
> /etc/nginx/conf-available/taler-merchant.conf
fi
diff --git a/debian/taler-merchant.postrm b/debian/taler-merchant.postrm
index 3cf433e1..0f7a8baa 100644
--- a/debian/taler-merchant.postrm
+++ b/debian/taler-merchant.postrm
@@ -58,6 +58,8 @@ fi
case "${1}" in
purge)
+ rm -f /var/lib/taler-merchant/master-api-key.txt
+ rmdir /var/lib/taler-merchant/httpd/
if [ -e /usr/share/debconf/confmodule ]
then
. /usr/share/debconf/confmodule
diff --git a/src/merchant-tools/taler-merchant-dbinit.c
b/src/merchant-tools/taler-merchant-dbinit.c
index 73ec3519..9c0f855d 100644
--- a/src/merchant-tools/taler-merchant-dbinit.c
+++ b/src/merchant-tools/taler-merchant-dbinit.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014, 2015 Taler Systems SA
+ Copyright (C) 2014, 2015, 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: fix #6673: fix access rights on package install,
gnunet <=