authorChristian Grothoff <christian@grothoff.org>2021-01-03 23:29:27 +0100
committerChristian Grothoff <christian@grothoff.org>2021-01-03 23:29:27 +0100
commit9a24b4a0dccc299e17279e115a3e460092cab0d3 (patch)
tree9b2122dfcd3fec99118fa03831dcf8296468956f
parentd981da056e776e0756cfddb22f18308b9ab913a5 (diff)
fix auditor postinst
-rw-r--r--debian/auditor-conf/apache.conf4
-rw-r--r--debian/auditor-conf/nginx.conf7
-rw-r--r--debian/changelog6
-rw-r--r--debian/control16
-rw-r--r--debian/etc/taler-auditor.conf14
-rw-r--r--debian/exchange-conf/apache.conf (renamed from debian/conf/apache.conf)0
-rw-r--r--debian/exchange-conf/nginx.conf (renamed from debian/conf/nginx.conf)0
-rwxr-xr-xdebian/rules1
-rw-r--r--debian/taler-auditor.install8
-rw-r--r--debian/taler-auditor.postinst95
-rw-r--r--debian/taler-auditor.postrm58
-rw-r--r--debian/taler-auditor.templates16
-rw-r--r--debian/taler-exchange.install2
-rw-r--r--debian/taler-exchange.postinst20
14 files changed, 225 insertions, 22 deletions
diff --git a/debian/auditor-conf/apache.conf b/debian/auditor-conf/apache.conf
new file mode 100644
index 000000000..f68c59558
--- /dev/null
+++ b/debian/auditor-conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-auditor/">
+ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
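Review bot: `RequestHeader add` on the X-Forwarded-Proto line appends a value instead of replacing one, so an X-Forwarded-Proto header sent by the client still reaches the auditor next to the proxy's own; `RequestHeader set "X-Forwarded-Proto" "https"` overwrites it. The value is also fixed to "https" however the request arrived, which is only accurate if this Location is served from a TLS virtual host. A leading comment stating that assumption would help whoever enables the snippet.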
diff --git a/debian/auditor-conf/nginx.conf b/debian/auditor-conf/nginx.conf
new file mode 100644
index 000000000..3fdffdad3
--- /dev/null
+++ b/debian/auditor-conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-auditor/ {
+ proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+} \ No newline at end of file
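Review bot: `proxy_set_header X-Forwarded-Host "example.com";` ships a placeholder that the backend will presumably treat as its public host name, and nothing in the file says it must be edited before use. The same placeholder sits in the ProxyPass URL of debian/auditor-conf/apache.conf. A leading comment such as `# Replace example.com with the public host name of this auditor before enabling.` would make that explicit. The file also ends without a trailing newline.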
diff --git a/debian/changelog b/debian/changelog
index e20cf9d8a..646ef54ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+taler-exchange (0.9.0-3) unstable; urgency=medium
+
+ * Fix taler-exchange.postrm crash (prevented uninstall).
+ * Split out taler-auditor package.
+ * Setup user and systemd service for taler-auditor-httpd.
+
taler-exchange (0.9.0-2) unstable; urgency=medium
* Modify setup to not touch database (too complex anyway).
diff --git a/debian/control b/debian/control
index 909c4dbaa..a1f2c428b 100644
--- a/debian/control
+++ b/debian/control
@@ -55,11 +55,25 @@ Depends:
lsb-base,
netbase,
dbconfig-pgsql | dbconfig-no-thanks,
- python3-jinja2,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system operator.
+Package: taler-auditor
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ libtalerexchange (= ${binary:Version}),
+ adduser,
+ lsb-base,
+ netbase,
+ dbconfig-pgsql | dbconfig-no-thanks,
+ python3-jinja2,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: GNU's payment system auditor.
+
Package: libtalerexchange-dev
Section: libdevel
Architecture: any
diff --git a/debian/etc/taler-auditor.conf b/debian/etc/taler-auditor.conf
new file mode 100644
index 000000000..50971b2ef
--- /dev/null
+++ b/debian/etc/taler-auditor.conf
@@ -0,0 +1,14 @@
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-auditor/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+
+[auditor]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-auditor/auditor.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
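Review bot: `UNIXPATH = /var/lib/taler-auditor/auditor.sock` puts the listening socket directly in /var/lib/taler-auditor, but the postinst in this commit only creates and chowns /var/lib/taler-auditor/tmp, and the service user's home is /var/lib/taler-auditor/httpd. The service account therefore probably cannot create the socket there, and the reverse proxy's access to it depends on whatever mode the parent directory happens to get. Placing the socket in a directory the package creates with an explicit owner and mode, shared only with the web server's group, would make the access rule deliberate. The comment above TALER_RUNTIME_DIR could name the expected owner and mode rather than "possibly provide additional protection".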
diff --git a/debian/conf/apache.conf b/debian/exchange-conf/apache.conf
index 3cfbf9edb..3cfbf9edb 100644
--- a/debian/conf/apache.conf
+++ b/debian/exchange-conf/apache.conf
diff --git a/debian/conf/nginx.conf b/debian/exchange-conf/nginx.conf
index 2921c9998..2921c9998 100644
--- a/debian/conf/nginx.conf
+++ b/debian/exchange-conf/nginx.conf
diff --git a/debian/rules b/debian/rules
index 5c32fe88b..3af287771 100755
--- a/debian/rules
+++ b/debian/rules
@@ -34,3 +34,4 @@ override_dh_auto_clean:
override_dh_install:
dh_install
cd debian/libtalerexchange; find . -type f -exec rm -f ../taler-exchange/{} \;
+ cd debian/taler-auditor; find . -type f -exec rm -f ../taler-exchange/{} \;
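Review bot: The added recipe line joins `cd` and `find` with `;`, so if debian/taler-auditor is missing, the `find . -type f -exec rm -f ../taler-exchange/{}` still runs from the source root and the relative path resolves outside the package staging tree. Use `&&` so a failed `cd` stops the line: `cd debian/taler-auditor && find . -type f -exec rm -f ../taler-exchange/{} \;`. The libtalerexchange line just above has the same form. A one-line comment saying this removes from taler-exchange the files already shipped by taler-auditor would document why the line exists.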
diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install
new file mode 100644
index 000000000..4511b2574
--- /dev/null
+++ b/debian/taler-auditor.install
@@ -0,0 +1,8 @@
+usr/bin/taler-auditor
+usr/bin/taler-auditor-dbinit
+usr/bin/taler-auditor-exchange
+usr/bin/taler-auditor-httpd
+usr/bin/taler-auditor-offline
+usr/bin/taler-helper-auditor-*
+debian/etc/taler-auditor.conf etc/
+debian/auditor-conf/* etc/taler-auditor/
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
new file mode 100644
index 000000000..7d3865080
--- /dev/null
+++ b/debian/taler-auditor.postinst
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+ configure)
+ db_version 2.0
+
+ db_get taler-auditor/username
+ _USERNAME="${RET:-taler-auditor-httpd}"
+
+ db_get taler-auditor/groupname
+ _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+ db_stop
+
+ CONFIG_FILE="/etc/default/taler-auditor"
+ TALER_HOME="/var/lib/taler-auditor"
+
+ # Creating taler groups as needed
+ if ! getent group ${_GROUPNAME} > /dev/null
+ then
+ echo -n "Creating new Taler group ${_GROUPNAME}:"
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ # Creating taler users if needed
+ if ! getent passwd ${_USERNAME} > /dev/null
+ then
+ echo -n "Creating new Taler user ${_USERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
+ echo " done."
+ fi
+ # Writing new values to configuration file
+ echo -n "Writing new configuration file:"
+ CONFIG_NEW=$(tempfile)
+
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the Taler init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
+
+TALER_USER=${_USERNAME}
+TALER_GROUP=${_GROUPNAME}
+EOF
+
+cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=${_USERNAME}
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+ rm -f "${CONFIG_NEW}"
+ echo " done."
+
+ echo -n "Setting up system services "
+
+ mkdir -p /var/lib/taler-auditor/tmp
+ chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
+ chmod 770 /var/lib/taler-auditor/tmp
+ chmod +s /var/lib/taler-auditor/tmp
+
+ systemctl daemon-reload
+
+ echo "done."
+
+ # Cleaning
+ echo "All done."
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
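Review bot: `chmod +s /var/lib/taler-auditor/tmp` sets the setuid bit as well as setgid on the directory; only group inheritance appears to be wanted, so `chmod 2770 /var/lib/taler-auditor/tmp` could replace both chmod lines. The debconf answers are expanded unquoted in `getent`, `addgroup`, `adduser` and `chown`, and are written verbatim into a file whose header says it is parsed as a shell script and into `User=`. Quoting them (`"${_USERNAME}"`) and rejecting values outside a conservative name pattern would keep a mistyped answer from becoming extra arguments or shell syntax. `systemctl daemon-reload` runs unconditionally under `set -e`, so configure fails where systemd is not running (chroot, container); the usual guard is `if [ -d /run/systemd/system ]; then systemctl daemon-reload; fi`. The unit is generated into /etc/systemd/system here, yet the postrm added in this commit does not remove it on purge.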
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
new file mode 100644
index 000000000..7697a4142
--- /dev/null
+++ b/debian/taler-auditor.postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+pathfind() {
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$*" ]; then
+ IFS="$OLDIFS"
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+ return 1
+}
+
+if [ -f /usr/share/debconf/confmodule ];
+then
+ . /usr/share/debconf/confmodule
+fi
+
+case "${1}" in
+ purge)
+ db_version 2.0
+
+ db_get taler-auditor/username
+ _USERNAME="${RET:-taler-auditor-httpd}"
+
+ db_get taler-auditor/groupname
+ _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+ if pathfind deluser
+ then
+ deluser --quiet --system ${_USERNAME} || true
+ fi
+
+ if pathfind delgroup
+ then
+ delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
+ fi
+
+ rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
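Review bot: The purge branch calls `db_version` and `db_get` unconditionally, although confmodule is sourced only when /usr/share/debconf/confmodule exists; if debconf is already gone at purge time those functions are undefined and `set -e` aborts the purge. The debconf reads should sit behind the same file test and fall back to the default names otherwise. Purge also leaves /etc/systemd/system/taler-auditor-httpd.service, which this commit's postinst writes, so the removal should include it. Separately, `deluser` is applied to whatever account name debconf returns, including one that existed before installation, so it may be worth deleting only an account the package itself created.

```shell
    purge)
        _USERNAME="taler-auditor-httpd"
        _GROUPNAME="taler-auditor-httpd"
        # Only talk to debconf when its shell library was actually loaded.
        if [ -f /usr/share/debconf/confmodule ]
        then
            db_version 2.0
            db_get taler-auditor/username && _USERNAME="${RET:-$_USERNAME}"
            db_get taler-auditor/groupname && _GROUPNAME="${RET:-$_GROUPNAME}"
        fi
        # … unchanged: pathfind deluser / pathfind delgroup …
        rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
        # Remove the unit file written by the postinst.
        rm -f /etc/systemd/system/taler-auditor-httpd.service
```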
diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates
new file mode 100644
index 000000000..06eac63b7
--- /dev/null
+++ b/debian/taler-auditor.templates
@@ -0,0 +1,16 @@
+Template: taler-auditor/username
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler user:
+ Please choose the user that the taler-auditor-httpd process will run as.
+ .
+ This should be a dedicated account. If the specified account does not
+ already exist, it will automatically be created, with no login shell.
+
+Template: taler-auditor/groupname
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler group:
+ Please choose the group that the taler-auditor-httpd will run as.
+ .
+ This should be a dedicated group, not one that already owns data.
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index eee4a8fc7..add23672c 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,4 +1,4 @@
usr/bin/
usr/lib/*/taler/*.so
debian/etc/* etc/
-debian/conf/* etc/taler-exchange/
+debian/exchange-conf/* etc/taler-exchange/
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 3ef46bf2b..cf48f8782 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -3,26 +3,6 @@
set -e
-apache_install() {
- mkdir -p /etc/apache2/conf-available
- if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
- then
- cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf
- fi
- a2enmod proxy
- a2enmod proxy_http
- a2enmod headers
-}
-
-
-nginx_install() {
- mkdir -p /etc/nginx/conf-available
- if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
- then
- cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf
- fi
-}
-
. /usr/share/debconf/confmodule
case "${1}" in