author | Christian Grothoff <christian@grothoff.org> | 2021-01-03 23:29:27 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-01-03 23:29:27 +0100 |
commit | 9a24b4a0dccc299e17279e115a3e460092cab0d3 (patch) | |
tree | 9b2122dfcd3fec99118fa03831dcf8296468956f | |
parent | d981da056e776e0756cfddb22f18308b9ab913a5 (diff) |
fix auditor postinst
-rw-r--r-- | debian/auditor-conf/apache.conf | 4 | ||||
-rw-r--r-- | debian/auditor-conf/nginx.conf | 7 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/control | 16 | ||||
-rw-r--r-- | debian/etc/taler-auditor.conf | 14 | ||||
-rw-r--r-- | debian/exchange-conf/apache.conf (renamed from debian/conf/apache.conf) | 0 | ||||
-rw-r--r-- | debian/exchange-conf/nginx.conf (renamed from debian/conf/nginx.conf) | 0 | ||||
-rwxr-xr-x | debian/rules | 1 | ||||
-rw-r--r-- | debian/taler-auditor.install | 8 | ||||
-rw-r--r-- | debian/taler-auditor.postinst | 95 | ||||
-rw-r--r-- | debian/taler-auditor.postrm | 58 | ||||
-rw-r--r-- | debian/taler-auditor.templates | 16 | ||||
-rw-r--r-- | debian/taler-exchange.install | 2 | ||||
-rw-r--r-- | debian/taler-exchange.postinst | 20 |
14 files changed, 225 insertions, 22 deletions
diff --git a/debian/auditor-conf/apache.conf b/debian/auditor-conf/apache.conf
new file mode 100644
index 000000000..f68c59558
--- /dev/null
+++ b/debian/auditor-conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-auditor/">
+ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
diff --git a/debian/auditor-conf/nginx.conf b/debian/auditor-conf/nginx.conf
new file mode 100644
index 000000000..3fdffdad3
--- /dev/null
+++ b/debian/auditor-conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-auditor/ {
+ proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+}
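Review bot: In debian/auditor-conf/apache.conf, `RequestHeader add "X-Forwarded-Proto" "https"` appends to whatever the client already sent, so the backend can receive a client-chosen X-Forwarded-Proto next to the proxy's value. `RequestHeader set "X-Forwarded-Proto" "https"` replaces the incoming header, which is what `proxy_set_header` already does in the nginx.conf added alongside it. Both files also ship `example.com` as the forwarded host with nothing telling the administrator to change it; a comment such as `# replace example.com with the public host name of this auditor` in each file would make that explicit.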
\ No newline at end of file diff --git a/debian/changelog b/debian/changelog index e20cf9d8a..646ef54ab 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +taler-exchange (0.9.0-3) unstable; urgency=medium + + * Fix taler-exchange.postrm crash (prevented uninstall). + * Split out taler-auditor package. + * Setup user and systemd service for taler-auditor-httpd. + taler-exchange (0.9.0-2) unstable; urgency=medium * Modify setup to not touch database (too complex anyway). diff --git a/debian/control b/debian/control index 909c4dbaa..a1f2c428b 100644 --- a/debian/control +++ b/debian/control @@ -55,11 +55,25 @@ Depends: lsb-base, netbase, dbconfig-pgsql | dbconfig-no-thanks, - python3-jinja2, ${misc:Depends}, ${shlibs:Depends} Description: GNU's payment system operator. +Package: taler-auditor +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + libtalerexchange (= ${binary:Version}), + adduser, + lsb-base, + netbase, + dbconfig-pgsql | dbconfig-no-thanks, + python3-jinja2, + ${misc:Depends}, + ${shlibs:Depends} +Description: GNU's payment system auditor. + Package: libtalerexchange-dev Section: libdevel Architecture: any diff --git a/debian/etc/taler-auditor.conf b/debian/etc/taler-auditor.conf new file mode 100644 index 000000000..50971b2ef --- /dev/null +++ b/debian/etc/taler-auditor.conf @@ -0,0 +1,14 @@ +[PATHS] + +# Move runtime data "tmp" directory to /var/lib/taler-auditor/ +# to possibly provide additional protection from unwarranted access. +TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/ + +[auditor] +# Debian package is configured to use a reverse proxy with a UNIX +# domain socket. See nginx/apache configuration files. +SERVE = UNIX +UNIXPATH = /var/lib/taler-auditor/auditor.sock + +# Only supported database is Postgres right now. +DATABASE = postgres diff --git a/debian/conf/apache.conf b/debian/exchange-conf/apache.conf index 3cfbf9edb..3cfbf9edb 100644 --- a/debian/conf/apache.conf +++ b/debian/exchange-conf/apache.conf 
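Review bot: In debian/etc/taler-auditor.conf, `UNIXPATH = /var/lib/taler-auditor/auditor.sock` places the listening socket directly in /var/lib/taler-auditor, but the postinst added in this commit only creates and chowns the `tmp` subdirectory and the service user's home. Nothing visible here gives the daemon's user write access to the socket's directory or limits which local accounts can connect to it. Because the socket is the interface behind the reverse proxy, its directory ownership and mode decide who can reach the auditor without going through the proxy. Consider moving the socket into a directory that postinst creates for the service group, and add a comment next to `UNIXPATH` naming the user and group expected to access it.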
diff --git a/debian/conf/nginx.conf b/debian/exchange-conf/nginx.conf index 2921c9998..2921c9998 100644 --- a/debian/conf/nginx.conf +++ b/debian/exchange-conf/nginx.conf diff --git a/debian/rules b/debian/rules index 5c32fe88b..3af287771 100755 --- a/debian/rules +++ b/debian/rules @@ -34,3 +34,4 @@ override_dh_auto_clean: override_dh_install: dh_install cd debian/libtalerexchange; find . -type f -exec rm -f ../taler-exchange/{} \; + cd debian/taler-auditor; find . -type f -exec rm -f ../taler-exchange/{} \; diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install new file mode 100644 index 000000000..4511b2574 --- /dev/null +++ b/debian/taler-auditor.install @@ -0,0 +1,8 @@ +usr/bin/taler-auditor +usr/bin/taler-auditor-dbinit +usr/bin/taler-auditor-exchange +usr/bin/taler-auditor-httpd +usr/bin/taler-auditor-offline +usr/bin/taler-helper-auditor-* +debian/etc/taler-auditor.conf etc/ +debian/auditor-conf/* etc/taler-auditor/ diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst new file mode 100644 index 000000000..7d3865080 --- /dev/null +++ b/debian/taler-auditor.postinst 
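Review bot: In debian/rules, the added recipe line `cd debian/taler-auditor; find . -type f -exec rm -f ../taler-exchange/{} \;` joins `cd` and `find` with `;`, so if the directory is missing the `find … rm -f` still runs from the directory the recipe started in and resolves `../taler-exchange/` relative to that. Chaining with `&&` stops the line when `cd` fails: `cd debian/taler-auditor && find . -type f -exec rm -f ../taler-exchange/{} \;`. The context line for debian/libtalerexchange just above has the same form and would benefit from the same change. A short comment saying that the line removes from taler-exchange the files already shipped by taler-auditor would also help the next reader.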
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+ configure)
+ db_version 2.0
+
+ db_get taler-auditor/username
+ _USERNAME="${RET:-taler-auditor-httpd}"
+
+ db_get taler-auditor/groupname
+ _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+ db_stop
+
+ CONFIG_FILE="/etc/default/taler-auditor"
+ TALER_HOME="/var/lib/taler-auditor"
+
+ # Creating taler groups as needed
+ if ! getent group ${_GROUPNAME} > /dev/null
+ then
+ echo -n "Creating new Taler group ${_GROUPNAME}:"
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ # Creating taler users if needed
+ if ! getent passwd ${_USERNAME} > /dev/null
+ then
+ echo -n "Creating new Taler user ${_USERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
+ echo " done."
+ fi
+ # Writing new values to configuration file
+ echo -n "Writing new configuration file:"
+ CONFIG_NEW=$(tempfile)
+
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the Taler init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
+
+TALER_USER=${_USERNAME}
+TALER_GROUP=${_GROUPNAME}
+EOF
+
+cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=${_USERNAME}
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+ rm -f "${CONFIG_NEW}"
+ echo " done."
+
+ echo -n "Setting up system services "
+
+ mkdir -p /var/lib/taler-auditor/tmp
+ chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
+ chmod 770 /var/lib/taler-auditor/tmp
+ chmod +s /var/lib/taler-auditor/tmp
+
+ systemctl daemon-reload
+
+ echo "done."
+
+ # Cleaning
+ echo "All done."
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
new file mode 100644
index 000000000..7697a4142
--- /dev/null
+++ b/debian/taler-auditor.postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+pathfind() {
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$*" ]; then
+ IFS="$OLDIFS"
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+ return 1
+}
+
+if [ -f /usr/share/debconf/confmodule ];
+then
+ . /usr/share/debconf/confmodule
+fi
+
+case "${1}" in
+ purge)
+ db_version 2.0
+
+ db_get taler-auditor/username
+ _USERNAME="${RET:-taler-auditor-httpd}"
+
+ db_get taler-auditor/groupname
+ _GROUPNAME="${RET:-taler-auditor-httpd}"
+
+ if pathfind deluser
+ then
+ deluser --quiet --system ${_USERNAME} || true
+ fi
+
+ if pathfind delgroup
+ then
+ delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
+ fi
+
+ rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates
new file mode 100644
index 000000000..06eac63b7
--- /dev/null
+++ b/debian/taler-auditor.templates
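Review bot: In debian/taler-auditor.postinst the `taler-auditor/username` and `taler-auditor/groupname` answers are used without validation: they go unquoted to `getent`, `addgroup`, `adduser` and `chown`, into /etc/default/taler-auditor (which its own header says is parsed as a shell script) and into the `User=` line of the generated unit. A value containing whitespace or shell metacharacters would change what those commands and files mean, so the names should be checked against a plain identifier pattern right after `db_stop` and quoted wherever they are expanded. Separately, `chmod +s` sets both setuid and setgid on the tmp directory where only group inheritance appears to be intended (`chmod 2770` states that directly), and `tempfile` is deprecated in favour of `mktemp`.

```shell
    db_stop

    # Reject account names that are not plain system identifiers before
    # they reach adduser, the generated shell fragment or the unit file.
    for _name in "${_USERNAME}" "${_GROUPNAME}"
    do
      case "${_name}" in
        ""|-*|*[!a-z0-9_-]*)
          echo "postinst: invalid user or group name '${_name}'" >&2
          exit 1
          ;;
      esac
    done
    # … unchanged: CONFIG_FILE/TALER_HOME, group and user creation …
```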
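Review bot: In debian/taler-auditor.postrm the purge branch removes the account and /var/lib/taler-auditor but leaves /etc/systemd/system/taler-auditor-httpd.service, which the postinst in this commit writes, so after purge a unit remains that names a deleted user. Adding `rm -f /etc/systemd/system/taler-auditor-httpd.service` to the purge branch, followed by `systemctl daemon-reload || true`, would close that gap. The branch also calls `db_version` and `db_get` unconditionally although the confmodule is sourced only when the file exists; under `set -e` a purge on a system without debconf would abort, so those calls should sit behind the same existence check. The unquoted `${_USERNAME}` and `${_GROUPNAME}` passed to `deluser` and `delgroup` should be quoted as well.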
@@ -0,0 +1,16 @@ +Template: taler-auditor/username +Type: string +Default: taler-auditor-httpd +_Description: Taler user: + Please choose the user that the taler-auditor-httpd process will run as. + . + This should be a dedicated account. If the specified account does not + already exist, it will automatically be created, with no login shell. + +Template: taler-auditor/groupname +Type: string +Default: taler-auditor-httpd +_Description: Taler group: + Please choose the group that the taler-auditor-httpd will run as. + . + This should be a dedicated group, not one that already owns data. diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install index eee4a8fc7..add23672c 100644 --- a/debian/taler-exchange.install +++ b/debian/taler-exchange.install @@ -1,4 +1,4 @@ usr/bin/ usr/lib/*/taler/*.so debian/etc/* etc/ -debian/conf/* etc/taler-exchange/ +debian/exchange-conf/* etc/taler-exchange/ diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index 3ef46bf2b..cf48f8782 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -3,26 +3,6 @@ set -e -apache_install() { - mkdir -p /etc/apache2/conf-available - if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ]; - then - cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf - fi - a2enmod proxy - a2enmod proxy_http - a2enmod headers -} - - -nginx_install() { - mkdir -p /etc/nginx/conf-available - if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ]; - then - cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf - fi -} - . /usr/share/debconf/confmodule case "${1}" in |