[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated (a06a6a22 -> 3ceaae14)
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated (a06a6a22 -> 3ceaae14) |
|
Date: |
Mon, 26 Jul 2021 14:20:36 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a change to branch master
in repository exchange.
from a06a6a22 -use fixperm
new 5430dc34 debian: revise maintainer scripts and service files
new 3ceaae14 debian: offline postinst
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 8 +
debian/control | 21 +-
debian/etc/taler/exchange-offline.conf | 8 +
debian/libtalerexchange.install | 1 +
debian/taler-auditor.postinst | 111 +++--------
debian/taler-auditor.postrm | 57 ++----
debian/taler-auditor.taler-auditor-httpd.service | 13 ++
debian/taler-auditor.templates | 16 --
...xchange-httpd.taler-exchange-aggregator.service | 14 ++
...ler-exchange-httpd.taler-exchange-httpd.service | 21 ++
...hange-httpd.taler-exchange-secmod-eddsa.service | 14 ++
...xchange-httpd.taler-exchange-secmod-rsa.service | 14 ++
...-exchange-httpd.taler-exchange-transfer.service | 15 ++
...exchange-httpd.taler-exchange-wirewatch.service | 15 ++
debian/taler-exchange-offline.install | 5 +
debian/taler-exchange-offline.postinst | 47 +++++
debian/taler-exchange.config | 25 ---
debian/taler-exchange.install | 33 +++-
debian/taler-exchange.postinst | 214 ++-------------------
debian/taler-exchange.postrm | 72 ++-----
debian/taler-exchange.templates | 67 -------
21 files changed, 288 insertions(+), 503 deletions(-)
create mode 100644 debian/etc/taler/exchange-offline.conf
create mode 100644 debian/taler-auditor.taler-auditor-httpd.service
delete mode 100644 debian/taler-auditor.templates
create mode 100644
debian/taler-exchange-httpd.taler-exchange-aggregator.service
create mode 100644 debian/taler-exchange-httpd.taler-exchange-httpd.service
create mode 100644
debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
create mode 100644
debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
create mode 100644 debian/taler-exchange-httpd.taler-exchange-transfer.service
create mode 100644 debian/taler-exchange-httpd.taler-exchange-wirewatch.service
create mode 100644 debian/taler-exchange-offline.install
create mode 100644 debian/taler-exchange-offline.postinst
delete mode 100644 debian/taler-exchange.config
delete mode 100644 debian/taler-exchange.templates
diff --git a/debian/changelog b/debian/changelog
index be14355a..ecd2b0ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+taler-exchange (0.9.0-15) unstable; urgency=low
+
+ * New Taler amount operations (set zero, ...) added.
+ * New configuration file structure
+ * New taler-exchange-offline package
+
+ -- Florian Dold <dold@taler.net> Mon, 26 Jul 2021 11:21:39 +0200
+
taler-exchange (0.9.0-14) unstable; urgency=low
* Expose additional symbols needed in merchant logic.
diff --git a/debian/control b/debian/control
index 8ea436df..4e95256c 100644
--- a/debian/control
+++ b/debian/control
@@ -44,7 +44,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
-Description: libraries to talk to a GNU Taler exchange.
+Description: libraries to talk to a GNU Taler exchange
Package: taler-exchange-database
Architecture: any
@@ -55,7 +55,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
-Description: programs and libraries to manage a GNU Taler exchange database.
+Description: programs and libraries to manage a GNU Taler exchange database
Package: taler-exchange
Architecture: any
@@ -71,7 +71,20 @@ Depends:
dbconfig-pgsql | dbconfig-no-thanks,
${misc:Depends},
${shlibs:Depends}
-Description: GNU's payment system operator.
+Description: GNU's payment system operator
+
+Package: taler-exchange-offline
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ libtalerexchange (= ${binary:Version}),
+ adduser,
+ lsb-base,
+ netbase,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: tools for managing the GNU Taler exchange offline keys
Package: taler-auditor
Architecture: any
@@ -87,7 +100,7 @@ Depends:
python3-jinja2,
${misc:Depends},
${shlibs:Depends}
-Description: GNU's payment system auditor.
+Description: GNU's payment system auditor
Package: libtalerexchange-dev
Section: libdevel
diff --git a/debian/etc/taler/exchange-offline.conf
b/debian/etc/taler/exchange-offline.conf
new file mode 100644
index 00000000..c1c039f9
--- /dev/null
+++ b/debian/etc/taler/exchange-offline.conf
@@ -0,0 +1,8 @@
+# This configuration file is the entry point for the offline key management.
+#
+# It includes other configuration files, which are applied on top of the
+# read-only base configuration (typically in /usr/share/taler/config.d/).
+
+# This file should be identical to the business configuration of the running
+# online exchange
+@INLINE@ exchange-business.conf
diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install
index 9e1983c9..8aa7f7c0 100644
--- a/debian/libtalerexchange.install
+++ b/debian/libtalerexchange.install
@@ -3,3 +3,4 @@ usr/lib/*/libtaler*
usr/share/taler/config.d/paths.conf
usr/share/taler/config.d/taler.conf
usr/share/man/man5/taler.conf.5
+usr/share/man/man1/taler-config*
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
index 7d386508..8e032cbd 100644
--- a/debian/taler-auditor.postinst
+++ b/debian/taler-auditor.postinst
@@ -4,90 +4,35 @@ set -e
. /usr/share/debconf/confmodule
-case "${1}" in
- configure)
- db_version 2.0
-
- db_get taler-auditor/username
- _USERNAME="${RET:-taler-auditor-httpd}"
-
- db_get taler-auditor/groupname
- _GROUPNAME="${RET:-taler-auditor-httpd}"
-
- db_stop
-
- CONFIG_FILE="/etc/default/taler-auditor"
- TALER_HOME="/var/lib/taler-auditor"
-
- # Creating taler groups as needed
- if ! getent group ${_GROUPNAME} > /dev/null
- then
- echo -n "Creating new Taler group ${_GROUPNAME}:"
- addgroup --quiet --system ${_GROUPNAME}
- echo " done."
- fi
- # Creating taler users if needed
- if ! getent passwd ${_USERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_USERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/httpd ${_USERNAME}
- echo " done."
- fi
- # Writing new values to configuration file
- echo -n "Writing new configuration file:"
- CONFIG_NEW=$(tempfile)
-
-cat > "${CONFIG_NEW}" <<EOF
-# This file controls the behaviour of the Taler init script.
-# It will be parsed as a shell script.
-# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
-
-TALER_USER=${_USERNAME}
-TALER_GROUP=${_GROUPNAME}
-EOF
-
-cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
-[Unit]
-Description=GNU Taler payment system auditor REST API
-After=postgres.service network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-auditor
-User=${_USERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+CONFIG_FILE="/etc/default/taler-auditor"
+TALER_HOME="/var/lib/taler-auditor"
+_USERNAME=taler-auditor-httpd
+_GROUPNAME=taler-auditor-httpd
-[Install]
-WantedBy=multi-user.target
-EOF
-
- cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
- rm -f "${CONFIG_NEW}"
- echo " done."
-
- echo -n "Setting up system services "
-
- mkdir -p /var/lib/taler-auditor/tmp
- chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
- chmod 770 /var/lib/taler-auditor/tmp
- chmod +s /var/lib/taler-auditor/tmp
-
- systemctl daemon-reload
-
- echo "done."
-
- # Cleaning
- echo "All done."
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+case "${1}" in
+configure)
+ # Creating taler groups as needed
+ if ! getent group ${_GROUPNAME} >/dev/null; then
+ echo -n "Creating new Taler group ${_GROUPNAME} ..."
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ # Creating taler users if needed
+ if ! getent passwd ${_USERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_USERNAME} ..."
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/httpd ${_USERNAME}
+ echo " done."
+ fi
+
+ # Cleaning
+ echo "All done."
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
index 7697a414..82e82675 100644
--- a/debian/taler-auditor.postrm
+++ b/debian/taler-auditor.postrm
@@ -2,55 +2,20 @@
set -e
-pathfind() {
- OLDIFS="$IFS"
- IFS=:
- for p in $PATH; do
- if [ -x "$p/$*" ]; then
- IFS="$OLDIFS"
- return 0
- fi
- done
- IFS="$OLDIFS"
- return 1
-}
-
-if [ -f /usr/share/debconf/confmodule ];
-then
- . /usr/share/debconf/confmodule
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
fi
case "${1}" in
- purge)
- db_version 2.0
-
- db_get taler-auditor/username
- _USERNAME="${RET:-taler-auditor-httpd}"
-
- db_get taler-auditor/groupname
- _GROUPNAME="${RET:-taler-auditor-httpd}"
-
- if pathfind deluser
- then
- deluser --quiet --system ${_USERNAME} || true
- fi
-
- if pathfind delgroup
- then
- delgroup --quiet --system --only-if-empty ${_GROUPNAME}
|| true
- fi
-
- rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor
/etc/default/taler-auditor
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-
- ;;
-
- *)
- echo "postrm called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+purge)
+ rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor
/etc/default/taler-auditor
+ ;;
+
+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
;;
+*)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-auditor.taler-auditor-httpd.service
b/debian/taler-auditor.taler-auditor-httpd.service
new file mode 100644
index 00000000..08a07327
--- /dev/null
+++ b/debian/taler-auditor.taler-auditor-httpd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=taler-auditor-httpd
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates
deleted file mode 100644
index 06eac63b..00000000
--- a/debian/taler-auditor.templates
+++ /dev/null
@@ -1,16 +0,0 @@
-Template: taler-auditor/username
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler user:
- Please choose the user that the taler-auditor-httpd process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-auditor/groupname
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler group:
- Please choose the group that the taler-auditor-httpd will run as.
- .
- This should be a dedicated group, not one that already owns data.
diff --git a/debian/taler-exchange-httpd.taler-exchange-aggregator.service
b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
new file mode 100644
index 00000000..91b0ade7
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange aggregator service
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-aggregator
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-aggregator -c
/etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-httpd.service
b/debian/taler-exchange-httpd.taler-exchange-httpd.service
new file mode 100644
index 00000000..e88bd84f
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-httpd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=GNU Taler payment system exchange REST API
+AssertPathExists=/var/lib/taler-exchange/
+Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service
taler-exchange-secmod-eddsa.service
+Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service
taler-exchange-transfer.service
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-httpd
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-httpd -c
/etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
new file mode 100644
index 00000000..3bd9cc55
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange EdDSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-eddsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c
/etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
new file mode 100644
index 00000000..27448547
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange RSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-rsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c
/etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-transfer.service
b/debian/taler-exchange-httpd.taler-exchange-transfer.service
new file mode 100644
index 00000000..00fe977f
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-transfer.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange transfer service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c
/etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
new file mode 100644
index 00000000..3f301062
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange wirewatch service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c
/etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-offline.install
b/debian/taler-exchange-offline.install
new file mode 100644
index 00000000..fbaef9b9
--- /dev/null
+++ b/debian/taler-exchange-offline.install
@@ -0,0 +1,5 @@
+usr/bin/taler-exchange-offline
+usr/share/man/man1/taler-exchange-offline
+
+# configuration files in /etc/taler
+debian/etc/taler/exchange-offline.conf etc/taler/
diff --git a/debian/taler-exchange-offline.postinst
b/debian/taler-exchange-offline.postinst
new file mode 100644
index 00000000..0f436abb
--- /dev/null
+++ b/debian/taler-exchange-offline.postinst
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+TALEROFF_HOME="/var/lib/taler-exchange-offline"
+
+# usage: lncfg user home target
+function lncfg() {
+ local cf=$TALER_HOME/$2/.config
+ if [ ! -e $cf ]; then
+ mkdir $cf
+ chown $(stat -L -c %u $TALER_HOME/$2):$(stat -L -c %g $TALER_HOME/$2) $cf
+ fi
+ ln -sf $3 $cf/taler.conf
+}
+
+case "${1}" in
+configure)
+
+ if ! getent group taler-exchange-offline >/dev/null; then
+ addgroup --quiet --system taler-exchange-offline
+ fi
+
+ if ! getent passwd taler-exchange-offline >/dev/null; then
+ adduser --quiet --system \
+ --ingroup taler-exchange-offline \
+ --home ${TALEROFF_HOME}/httpd taler-exchange-offline
+ fi
+
+ lncfg taler-exchange-offline taler-exchange-offline
/etc/taler/exchange-offline.conf
+
+ echo "All done."
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config
deleted file mode 100644
index c8ef2b4f..00000000
--- a/debian/taler-exchange.config
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-set -e
-
-. /usr/share/debconf/confmodule
-
-db_input low taler-exchange/eusername || true
-db_go
-
-db_input low taler-exchange/rsecusername || true
-db_go
-
-db_input low taler-exchange/esecusername || true
-db_go
-
-db_input low taler-exchange/wireusername || true
-db_go
-
-db_input low taler-exchange/aggrusername || true
-db_go
-
-db_input low taler-exchange/groupname || true
-db_go
-
-db_stop
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index 87e3d056..3f7ad39d 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,17 +1,42 @@
-usr/bin/taler-exchange-*
+usr/bin/taler-exchange-aggregator
+usr/bin/taler-exchange-benchmark
+usr/bin/taler-exchange-closer
+usr/bin/taler-exchange-dbinit
+usr/bin/taler-exchange-httpd
+usr/bin/taler-exchange-secmod-eddsa
+usr/bin/taler-exchange-secmod-rsa
+usr/bin/taler-exchange-transfer
+usr/bin/taler-exchange-wirewatch
usr/bin/taler-bank-benchmark
usr/bin/taler-bank-manage-testing
usr/bin/taler-fakebank-run
usr/bin/taler-nexus-prepare
usr/bin/taler-wire-gateway-client
-usr/share/man/man1/taler-exchange*
+usr/share/man/man1/taler-exchange-aggregator
+usr/share/man/man1/taler-exchange-benchmark
+usr/share/man/man1/taler-exchange-closer
+usr/share/man/man1/taler-exchange-dbinit
+usr/share/man/man1/taler-exchange-httpd
+usr/share/man/man1/taler-exchange-secmod-eddsa
+usr/share/man/man1/taler-exchange-secmod-rsa
+usr/share/man/man1/taler-exchange-transfer
+usr/share/man/man1/taler-exchange-wirewatch
usr/share/man/man1/taler-bank*
-usr/share/man/man1/taler-config*
usr/share/man/man1/taler-wire*
usr/share/info/taler-bank*
usr/share/info/taler-exchange*
usr/share/taler/config.d/*
-debian/etc/taler/exchange* etc/taler/
+
+# configuration files in /etc/taler
+debian/etc/taler/exchange-business.conf etc/taler/
+debian/etc/taler/exchange-db.conf etc/taler/
+debian/etc/taler/exchange-service-default.conf etc/taler/
+debian/etc/taler/exchange-service-wire.conf etc/taler/
+debian/etc/taler/exchange-system.conf etc/taler
+debian/etc/taler/exchange-wire-gateway.conf etc/taler/
+
+# sample config files
debian/exchange-conf/* usr/share/taler/sample-configs/
+
usr/share/taler-exchange/pp/*/*
usr/share/taler-exchange/tos/*/*
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index f3a9a6f2..61e1a477 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -5,6 +5,14 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler-exchange"
+CONFIG_FILE="/etc/default/taler-exchange"
+_GROUPNAME=taler-exchange-secmod
+_DBGROUPNAME=taler-exchange-db
+_EUSERNAME=taler-exchange-httpd
+_RSECUSERNAME=taler-exchange-secmod-rsa
+_ESECUSERNAME=taler-exchange-secmod-rsa
+_AGGRUSERNAME=taler-exchange-aggregator
+_WIREUSERNAME=taler-exchange-wire
# usage: fixperm user:group perms file
function fixperm() {
@@ -24,240 +32,52 @@ function lncfg() {
case "${1}" in
configure)
- db_version 2.0
- db_get taler-exchange/eusername
- _EUSERNAME="${RET:-taler-exchange-httpd}"
-
- db_get taler-exchange/rsecusername
- _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
-
- db_get taler-exchange/esecusername
- _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
-
- db_get taler-exchange/wireusername
- _WIREUSERNAME="${RET:-taler-exchange-wire}"
-
- db_get taler-exchange/aggrusername
- _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
-
- db_get taler-exchange/groupname
- _GROUPNAME="${RET:-taler-private}"
-
- db_get taler-exchange/dbgroupname
- _DBGROUPNAME="${RET:-taler-exchange-db}"
-
- db_stop
-
- CONFIG_FILE="/etc/default/taler-exchange"
-
- # Creating taler groups as needed
+ # Create taler groups as needed
if ! getent group ${_GROUPNAME} >/dev/null; then
- echo -n "Creating new Taler group ${_GROUPNAME}:"
+ echo -n "Creating new Taler group ${_GROUPNAME} ..."
addgroup --quiet --system ${_GROUPNAME}
echo " done."
fi
if ! getent group ${_DBGROUPNAME} >/dev/null; then
- echo -n "Creating new Taler group ${_DBGROUPNAME}:"
+ echo -n "Creating new Taler group ${_DBGROUPNAME} ..."
addgroup --quiet --system ${_DBGROUPNAME}
echo " done."
fi
- # Creating taler users if needed
+ # Create taler users if needed
if ! getent passwd ${_EUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_EUSERNAME}:"
+ echo -n "Creating new Taler user ${_EUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/httpd ${_EUSERNAME}
adduser ${_EUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_RSECUSERNAME}:"
+ echo -n "Creating new Taler user ${_RSECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
echo " done."
fi
if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_ESECUSERNAME}:"
+ echo -n "Creating new Taler user ${_ESECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
echo " done."
fi
if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_WIREUSERNAME}:"
+ echo -n "Creating new Taler user ${_WIREUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
+ echo -n "Creating new Taler user ${_AGGRUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
- # Writing new values to configuration file
- echo -n "Writing new configuration file:"
- CONFIG_NEW=$(tempfile)
-
- cat >"${CONFIG_NEW}" <<EOF
-# This file controls the behaviour of the Taler init script.
-# It will be parsed as a shell script.
-# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
-
-TALER_EUSER=${_EUSERNAME}
-TALER_RSECUSER=${_RSECUSERNAME}
-TALER_ESECUSER=${_ESECUSERNAME}
-TALER_WIREUSER=${_WIREUSERNAME}
-TALER_AGGRUSER=${_AGGRUSERNAME}
-TALER_GROUP=${_GROUPNAME}
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
-[Unit]
-Description=Taler Exchange Socket
-PartOf=taler-exchange-httpd.service
-
-[Socket]
-ListenStream=/var/lib/taler-exchange/exchange.sock
-Accept=no
-Service=taler-exchange-httpd.service
-SocketUser=${_EUSERNAME}
-SocketGroup=www-data
-SocketMode=0660
-
-[Install]
-WantedBy=sockets.target
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange REST API
-AssertPathExists=/var/lib/taler-exchange/
-Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service
taler-exchange-secmod-eddsa.service
-Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service
taler-exchange-transfer.service
-After=postgres.service network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_EUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c
/etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange RSA security module
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_RSECUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c
/etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange EdDSA security module
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_ESECUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c
/etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange wirewatch service
-After=network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_WIREUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c
/etc/taler/exchange-service-wire.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange transfer service
-After=network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_WIREUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c
/etc/taler/exchange-service-wire.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange aggregator service
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_AGGRUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c
/etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-
-EOF
-
- cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
- rm -f "${CONFIG_NEW}"
- echo " done."
-
- echo -n "Setting up system services "
-
- mkdir -p /var/lib/taler-exchange/tmp
- fixperm root:${_GROUPNAME} 770 /var/lib/taler-exchange/tmp
- chmod +s /var/lib/taler-exchange/tmp
-
fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
- systemctl daemon-reload >/dev/null 2>&1 || true
-
- echo "done."
-
echo -n "Linking config files"
lncfg ${_EUSERNAME} httpd /etc/taler/exchange-service-default.conf
lncfg ${_RSECUSERNAME} secmod-rsa /etc/taler/exchange-service-default.conf
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
index 5cefa5bc..10d67b77 100644
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@@ -2,72 +2,22 @@
set -e
-pathfind() {
- OLDIFS="$IFS"
- IFS=:
- for p in $PATH; do
- if [ -x "$p/$*" ]; then
- IFS="$OLDIFS"
- return 0
- fi
- done
- IFS="$OLDIFS"
- return 1
-}
-
-if [ -f /usr/share/debconf/confmodule ];
-then
- . /usr/share/debconf/confmodule
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
fi
case "${1}" in
- purge)
- db_version 2.0
-
- db_get taler-exchange/eusername
- _EUSERNAME="${RET:-taler-exchange-httpd}"
-
- db_get taler-exchange/rsecusername
- _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
-
- db_get taler-exchange/esecusername
- _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
-
- db_get taler-exchange/wireusername
- _WIREUSERNAME="${RET:-taler-exchange-wire}"
-
- db_get taler-exchange/aggrusername
- _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
-
- db_get taler-exchange/groupname
- _GROUPNAME="${RET:-taler-private}"
-
- if pathfind deluser
- then
- deluser --quiet --system ${_EUSERNAME} || true
- deluser --quiet --system ${_RSECUSERNAME} || true
- deluser --quiet --system ${_ESECUSERNAME} || true
- deluser --quiet --system ${_WIREUSERNAME} || true
- deluser --quiet --system ${_AGGRUSERNAME} || true
- fi
-
- if pathfind delgroup
- then
- delgroup --quiet --system --only-if-empty ${_GROUPNAME}
|| true
- fi
-
- rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange
/etc/default/taler-exchange
- rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf
/etc/taler-exchange.conf
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+purge)
+ rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange
/etc/default/taler-exchange
+ rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf
/etc/taler-exchange.conf
+ ;;
- ;;
+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
;;
- *)
- echo "postrm called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+*)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates
deleted file mode 100644
index 9428bec2..00000000
--- a/debian/taler-exchange.templates
+++ /dev/null
@@ -1,67 +0,0 @@
-Template: taler-exchange/eusername
-Type: string
-Default: taler-exchange-httpd
-_Description: Taler user:
- Please choose the user that the taler-exchange-httpd process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/rsecusername
-Type: string
-Default: taler-exchange-secmod-rsa
-_Description: Taler user:
- Please choose the user that the taler-exchange-secmod-rsa process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/esecusername
-Type: string
-Default: taler-exchange-secmod-eddsa
-_Description: Taler user:
- Please choose the user that the taler-exchange-secmod-eddsa process will run
as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/wireusername
-Type: string
-Default: taler-exchange-wire
-_Description: Taler user:
- Please choose the user that the taler-exchange-transfer and
- taler-exchange-wirewatch processes will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/aggrusername
-Type: string
-Default: taler-exchange-aggregator
-_Description: Taler user:
- Please choose the user that the taler-exchange-aggregator process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/groupname
-Type: string
-Default: taler-private
-_Description: Taler group:
- Please choose the group that the Taler exchange and security
- modules will run as.
- .
- This should be a dedicated group, not one that already owns data.
- Only the members of this group will have access to Taler private
- online signing keys.
-
-
-Template: taler-exchange/dbgroupname
-Type: string
-Default: taler-exchange-db
-_Description: Taler group:
- Please choose the group that the Taler users with database access
- should be in.
- .
- This should be a dedicated group, not one that already owns data.
- Only the members of this group will have access to Taler database.
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-exchange] branch master updated (a06a6a22 -> 3ceaae14),
gnunet <=