
[taler-exchange] branch master updated: fix auditor postinst


From: gnunet
Subject: [taler-exchange] branch master updated: fix auditor postinst
Date: Sun, 03 Jan 2021 23:29:33 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 9a24b4a0 fix auditor postinst
9a24b4a0 is described below

commit 9a24b4a0dccc299e17279e115a3e460092cab0d3
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jan 3 23:29:27 2021 +0100

    fix auditor postinst
---
 debian/auditor-conf/apache.conf            |  4 ++
 debian/{conf => auditor-conf}/nginx.conf   |  4 +-
 debian/changelog                           |  6 ++
 debian/control                             | 16 ++++-
 debian/etc/taler-auditor.conf              | 14 +++++
 debian/{conf => exchange-conf}/apache.conf |  0
 debian/{conf => exchange-conf}/nginx.conf  |  0
 debian/rules                               |  1 +
 debian/taler-auditor.install               |  8 +++
 debian/taler-auditor.postinst              | 95 ++++++++++++++++++++++++++++++
 debian/taler-auditor.postrm                | 58 ++++++++++++++++++
 debian/taler-auditor.templates             | 16 +++++
 debian/taler-exchange.install              |  2 +-
 debian/taler-exchange.postinst             | 20 -------
 14 files changed, 220 insertions(+), 24 deletions(-)

diff --git a/debian/auditor-conf/apache.conf b/debian/auditor-conf/apache.conf
new file mode 100644
index 00000000..f68c5955
--- /dev/null
+++ b/debian/auditor-conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-auditor/">
+ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/";
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
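Review bot: `RequestHeader add` on the third line appends to any `X-Forwarded-Proto` header the client already sent, so the backend can see a client-chosen value next to the proxy's. `RequestHeader set "X-Forwarded-Proto" "https"` overwrites it instead. The trailing `;` after the ProxyPass target is nginx syntax, and Apache will most likely read it as an extra argument, so it should be dropped. `http://example.com/` looks like a placeholder the administrator has to edit, and a comment line saying so would make that explicit.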
diff --git a/debian/conf/nginx.conf b/debian/auditor-conf/nginx.conf
similarity index 64%
copy from debian/conf/nginx.conf
copy to debian/auditor-conf/nginx.conf
index 2921c999..3fdffdad 100644
--- a/debian/conf/nginx.conf
+++ b/debian/auditor-conf/nginx.conf
@@ -1,5 +1,5 @@
-location /taler-exchange/ {
-         proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;
+location /taler-auditor/ {
+         proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
          proxy_redirect off;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Host "example.com";
diff --git a/debian/changelog b/debian/changelog
index e20cf9d8..646ef54a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+taler-exchange (0.9.0-3) unstable; urgency=medium
+
+  * Fix taler-exchange.postrm crash (prevented uninstall).
+  * Split out taler-auditor package.
+  * Setup user and systemd service for taler-auditor-httpd.
+
 taler-exchange (0.9.0-2) unstable; urgency=medium
 
   * Modify setup to not touch database (too complex anyway).
diff --git a/debian/control b/debian/control
index 909c4dba..a1f2c428 100644
--- a/debian/control
+++ b/debian/control
@@ -55,11 +55,25 @@ Depends:
  lsb-base,
  netbase,
  dbconfig-pgsql | dbconfig-no-thanks,
- python3-jinja2,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: GNU's payment system operator.
 
+Package: taler-auditor
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ libtalerexchange (= ${binary:Version}),
+ adduser,
+ lsb-base,
+ netbase,
+ dbconfig-pgsql | dbconfig-no-thanks,
+ python3-jinja2,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: GNU's payment system auditor.
+
 Package: libtalerexchange-dev
 Section: libdevel
 Architecture: any
diff --git a/debian/etc/taler-auditor.conf b/debian/etc/taler-auditor.conf
new file mode 100644
index 00000000..50971b2e
--- /dev/null
+++ b/debian/etc/taler-auditor.conf
@@ -0,0 +1,14 @@
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-auditor/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+
+[auditor]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-auditor/auditor.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
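Review bot: `UNIXPATH` puts the socket directly in `/var/lib/taler-auditor/`, but the postinst added in this commit only prepares `/var/lib/taler-auditor/tmp` (root:group, 770) and the account's home `/var/lib/taler-auditor/httpd`. Nothing visible here makes the parent directory writable by the service user or the socket reachable by the reverse proxy's account. Unless that is handled elsewhere, point `UNIXPATH` at a dedicated directory whose owner and mode the postinst sets explicitly. A comment above `UNIXPATH` should state which accounts need access to the socket.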
diff --git a/debian/conf/apache.conf b/debian/exchange-conf/apache.conf
similarity index 100%
rename from debian/conf/apache.conf
rename to debian/exchange-conf/apache.conf
diff --git a/debian/conf/nginx.conf b/debian/exchange-conf/nginx.conf
similarity index 100%
rename from debian/conf/nginx.conf
rename to debian/exchange-conf/nginx.conf
diff --git a/debian/rules b/debian/rules
index 5c32fe88..3af28777 100755
--- a/debian/rules
+++ b/debian/rules
@@ -34,3 +34,4 @@ override_dh_auto_clean:
 override_dh_install:
        dh_install
        cd debian/libtalerexchange; find . -type f -exec rm -f 
../taler-exchange/{} \;
+       cd debian/taler-auditor; find . -type f -exec rm -f 
../taler-exchange/{} \;
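Review bot: The added recipe line joins `cd` and `find` with `;`, so if `debian/taler-auditor` does not exist the `find … -exec rm -f ../taler-exchange/{}` still runs, from the wrong directory. Chaining with `&&` stops the recipe instead: `cd debian/taler-auditor && find . -type f -exec rm -f ../taler-exchange/{} \;`. The existing libtalerexchange line just above has the same shape. A one-line comment would help too, since these lines presumably remove from taler-exchange the files that the other packages already ship.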
diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install
new file mode 100644
index 00000000..4511b257
--- /dev/null
+++ b/debian/taler-auditor.install
@@ -0,0 +1,8 @@
+usr/bin/taler-auditor
+usr/bin/taler-auditor-dbinit
+usr/bin/taler-auditor-exchange
+usr/bin/taler-auditor-httpd
+usr/bin/taler-auditor-offline
+usr/bin/taler-helper-auditor-*
+debian/etc/taler-auditor.conf etc/
+debian/auditor-conf/* etc/taler-auditor/
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
new file mode 100644
index 00000000..7d386508
--- /dev/null
+++ b/debian/taler-auditor.postinst
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+       configure)
+               db_version 2.0
+
+               db_get taler-auditor/username
+               _USERNAME="${RET:-taler-auditor-httpd}"
+
+               db_get taler-auditor/groupname
+               _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+               db_stop
+
+               CONFIG_FILE="/etc/default/taler-auditor"
+               TALER_HOME="/var/lib/taler-auditor"
+
+               # Creating taler groups as needed
+               if ! getent group ${_GROUPNAME} > /dev/null
+               then
+                       echo -n "Creating new Taler group ${_GROUPNAME}:"
+                       addgroup --quiet --system ${_GROUPNAME}
+                       echo " done."
+               fi
+               # Creating taler users if needed
+               if ! getent passwd ${_USERNAME} > /dev/null
+               then
+                       echo -n "Creating new Taler user ${_USERNAME}:"
+                       adduser --quiet --system --ingroup ${_GROUPNAME} --home 
${TALER_HOME}/httpd ${_USERNAME}
+                       echo " done."
+               fi
+        # Writing new values to configuration file
+        echo -n "Writing new configuration file:"
+        CONFIG_NEW=$(tempfile)
+
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the Taler init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
+
+TALER_USER=${_USERNAME}
+TALER_GROUP=${_GROUPNAME}
+EOF
+
+cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=${_USERNAME}
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+               cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+               rm -f "${CONFIG_NEW}"
+               echo " done."
+
+        echo -n "Setting up system services "
+
+        mkdir -p /var/lib/taler-auditor/tmp
+        chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
+        chmod 770 /var/lib/taler-auditor/tmp
+        chmod +s /var/lib/taler-auditor/tmp
+
+        systemctl daemon-reload
+
+        echo "done."
+
+               # Cleaning
+               echo "All done."
+               ;;
+
+       abort-upgrade|abort-remove|abort-deconfigure)
+               ;;
+
+       *)
+               echo "postinst called with unknown argument \`${1}'" >&2
+               exit 1
+               ;;
+esac
+
+#DEBHELPER#
+
+exit 0
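Review bot: The debconf answers `_USERNAME` and `_GROUPNAME` are passed unquoted to `getent`, `addgroup`, `adduser` and `chown`, and are written verbatim into `/etc/default/taler-auditor` (which the file's own header says is parsed as shell) and into the unit's `User=` line, with no check on their contents. Validating both names against a conservative pattern right after `db_stop`, and quoting every expansion, keeps a mistyped or hostile preseed value from becoming extra arguments or shell syntax. `chmod +s` sets the setuid bit as well as the setgid bit on the tmp directory; if only group inheritance is meant, mode `2770` says so explicitly. `tempfile` is deprecated in debianutils and `mktemp` is the drop-in replacement. `After=postgres.service` probably never matches on Debian, where the unit is named `postgresql.service`.

```shell
# … unchanged: db_get / db_stop …
for _name in "${_USERNAME}" "${_GROUPNAME}"
do
        case "${_name}" in
                ""|-*|*[!a-z0-9_-]*)
                        echo "postinst: invalid account name '${_name}'" >&2
                        exit 1
                        ;;
        esac
done
# … unchanged: group and user creation, with "${_GROUPNAME}" and "${_USERNAME}" quoted …
CONFIG_NEW=$(mktemp)
# … unchanged: heredocs, cp and rm of the temporary file …
install -d -o root -g "${_GROUPNAME}" -m 2770 /var/lib/taler-auditor/tmp
```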
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
new file mode 100644
index 00000000..7697a414
--- /dev/null
+++ b/debian/taler-auditor.postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+pathfind() {
+       OLDIFS="$IFS"
+       IFS=:
+       for p in $PATH; do
+               if [ -x "$p/$*" ]; then
+                       IFS="$OLDIFS"
+                       return 0
+               fi
+       done
+       IFS="$OLDIFS"
+       return 1
+}
+
+if [ -f /usr/share/debconf/confmodule ];
+then
+    . /usr/share/debconf/confmodule
+fi
+
+case "${1}" in
+       purge)
+               db_version 2.0
+
+               db_get taler-auditor/username
+               _USERNAME="${RET:-taler-auditor-httpd}"
+
+               db_get taler-auditor/groupname
+               _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+               if pathfind deluser
+               then
+                       deluser --quiet --system ${_USERNAME} || true
+               fi
+
+               if pathfind delgroup
+               then
+                       delgroup --quiet --system --only-if-empty ${_GROUPNAME} 
|| true
+               fi
+
+               rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor 
/etc/default/taler-auditor
+               ;;
+
+       remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+               ;;
+
+       *)
+               echo "postrm called with unknown argument \`${1}'" >&2
+               exit 1
+               ;;
+esac
+
+#DEBHELPER#
+
+exit 0
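Review bot: In the `purge` branch, `db_version` and `db_get` are called unconditionally although the confmodule is only sourced when `/usr/share/debconf/confmodule` exists; under `set -e` a purge on a system where debconf has already been removed will abort on the first `db_` call. Defaulting the two names and querying debconf only inside the same existence check avoids that. The purge also leaves behind `/etc/systemd/system/taler-auditor-httpd.service`, which the postinst in this commit writes, so it should be removed here as well. `${_USERNAME}` and `${_GROUPNAME}` are expanded unquoted in the `deluser` and `delgroup` calls and should be quoted.

```sh
        purge)
                _USERNAME="taler-auditor-httpd"
                _GROUPNAME="taler-auditor-httpd"
                if [ -f /usr/share/debconf/confmodule ]
                then
                        db_version 2.0
                        db_get taler-auditor/username
                        _USERNAME="${RET:-taler-auditor-httpd}"
                        db_get taler-auditor/groupname
                        _GROUPNAME="${RET:-taler-auditor-httpd}"
                fi
                # … unchanged: deluser / delgroup, with the names quoted …
                rm -f /etc/systemd/system/taler-auditor-httpd.service
                # … unchanged: rm -rf of log, state and defaults …
```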
diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates
new file mode 100644
index 00000000..06eac63b
--- /dev/null
+++ b/debian/taler-auditor.templates
@@ -0,0 +1,16 @@
+Template: taler-auditor/username
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler user:
+ Please choose the user that the taler-auditor-httpd process will run as.
+ .
+ This should be a dedicated account. If the specified account does not
+ already exist, it will automatically be created, with no login shell.
+
+Template: taler-auditor/groupname
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler group:
+ Please choose the group that the taler-auditor-httpd will run as.
+ .
+ This should be a dedicated group, not one that already owns data.
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index eee4a8fc..add23672 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,4 +1,4 @@
 usr/bin/
 usr/lib/*/taler/*.so
 debian/etc/* etc/
-debian/conf/* etc/taler-exchange/
+debian/exchange-conf/* etc/taler-exchange/
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 3ef46bf2..cf48f878 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -3,26 +3,6 @@
 set -e
 
 
-apache_install() {
-       mkdir -p /etc/apache2/conf-available
-    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
-    then
-           cp /etc/taler-exchange/apache.conf 
/etc/apache2/conf-available/taler-exchange.conf
-    fi
-    a2enmod proxy
-    a2enmod proxy_http
-    a2enmod headers
-}
-
-
-nginx_install() {
-       mkdir -p /etc/nginx/conf-available
-    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
-    then
-           cp /etc/taler-exchange/nginx.conf 
/etc/nginx/conf-available/taler-exchange.conf
-    fi
-}
-
 . /usr/share/debconf/confmodule
 
 case "${1}" in

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


