aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-07-26 14:18:02 +0200
committerFlorian Dold <florian@dold.me>2021-07-26 14:18:02 +0200
commit5430dc34180e1c72c9a09f9eb17c2999e426bf77 (patch)
treedd5f153937c98d888f39220a669f608a26c34b84
parenta06a6a22ea01020c8c02434a3e0caa59a5bb0dd8 (diff)
debian: revise maintainer scripts and service files
-rw-r--r--debian/changelog8
-rw-r--r--debian/control21
-rw-r--r--debian/etc/taler/exchange-offline.conf8
-rw-r--r--debian/libtalerexchange.install1
-rw-r--r--debian/taler-auditor.postinst111
-rw-r--r--debian/taler-auditor.postrm57
-rw-r--r--debian/taler-auditor.taler-auditor-httpd.service13
-rw-r--r--debian/taler-auditor.templates16
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-aggregator.service14
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-httpd.service21
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service14
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service14
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-transfer.service15
-rw-r--r--debian/taler-exchange-httpd.taler-exchange-wirewatch.service15
-rw-r--r--debian/taler-exchange-offline.install5
-rw-r--r--debian/taler-exchange-offline.postinst42
-rw-r--r--debian/taler-exchange.config25
-rw-r--r--debian/taler-exchange.install33
-rw-r--r--debian/taler-exchange.postinst214
-rw-r--r--debian/taler-exchange.postrm72
-rw-r--r--debian/taler-exchange.templates67
21 files changed, 283 insertions, 503 deletions
diff --git a/debian/changelog b/debian/changelog
index be14355a4..ecd2b0aef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+taler-exchange (0.9.0-15) unstable; urgency=low
+
+ * New Taler amount operations (set zero, ...) added.
+ * New configuration file structure
+ * New taler-exchange-offline package
+
+ -- Florian Dold <dold@taler.net> Mon, 26 Jul 2021 11:21:39 +0200
+
taler-exchange (0.9.0-14) unstable; urgency=low
* Expose additional symbols needed in merchant logic.
diff --git a/debian/control b/debian/control
index 8ea436dfa..4e95256ca 100644
--- a/debian/control
+++ b/debian/control
@@ -44,7 +44,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
-Description: libraries to talk to a GNU Taler exchange.
+Description: libraries to talk to a GNU Taler exchange
Package: taler-exchange-database
Architecture: any
@@ -55,7 +55,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
-Description: programs and libraries to manage a GNU Taler exchange database.
+Description: programs and libraries to manage a GNU Taler exchange database
Package: taler-exchange
Architecture: any
@@ -71,7 +71,20 @@ Depends:
dbconfig-pgsql | dbconfig-no-thanks,
${misc:Depends},
${shlibs:Depends}
-Description: GNU's payment system operator.
+Description: GNU's payment system operator
+
+Package: taler-exchange-offline
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ libtalerexchange (= ${binary:Version}),
+ adduser,
+ lsb-base,
+ netbase,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: tools for managing the GNU Taler exchange offline keys
Package: taler-auditor
Architecture: any
@@ -87,7 +100,7 @@ Depends:
python3-jinja2,
${misc:Depends},
${shlibs:Depends}
-Description: GNU's payment system auditor.
+Description: GNU's payment system auditor
Package: libtalerexchange-dev
Section: libdevel
diff --git a/debian/etc/taler/exchange-offline.conf b/debian/etc/taler/exchange-offline.conf
new file mode 100644
index 000000000..c1c039f91
--- /dev/null
+++ b/debian/etc/taler/exchange-offline.conf
@@ -0,0 +1,8 @@
+# This configuration file is the entry point for the offline key management.
+#
+# It includes other configuration files, which are applied on top of the
+# read-only base configuration (typically in /usr/share/taler/config.d/).
+
+# This file should be identical to the business configuration of the running
+# online exchange
+@INLINE@ exchange-business.conf
diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install
index 9e1983c93..8aa7f7c03 100644
--- a/debian/libtalerexchange.install
+++ b/debian/libtalerexchange.install
@@ -3,3 +3,4 @@ usr/lib/*/libtaler*
usr/share/taler/config.d/paths.conf
usr/share/taler/config.d/taler.conf
usr/share/man/man5/taler.conf.5
+usr/share/man/man1/taler-config*
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
index 7d3865080..8e032cbdc 100644
--- a/debian/taler-auditor.postinst
+++ b/debian/taler-auditor.postinst
@@ -4,90 +4,35 @@ set -e
. /usr/share/debconf/confmodule
-case "${1}" in
- configure)
- db_version 2.0
-
- db_get taler-auditor/username
- _USERNAME="${RET:-taler-auditor-httpd}"
-
- db_get taler-auditor/groupname
- _GROUPNAME="${RET:-taler-auditor-httpd}"
-
- db_stop
-
- CONFIG_FILE="/etc/default/taler-auditor"
- TALER_HOME="/var/lib/taler-auditor"
-
- # Creating taler groups as needed
- if ! getent group ${_GROUPNAME} > /dev/null
- then
- echo -n "Creating new Taler group ${_GROUPNAME}:"
- addgroup --quiet --system ${_GROUPNAME}
- echo " done."
- fi
- # Creating taler users if needed
- if ! getent passwd ${_USERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_USERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
- echo " done."
- fi
- # Writing new values to configuration file
- echo -n "Writing new configuration file:"
- CONFIG_NEW=$(tempfile)
-
-cat > "${CONFIG_NEW}" <<EOF
-# This file controls the behaviour of the Taler init script.
-# It will be parsed as a shell script.
-# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
-
-TALER_USER=${_USERNAME}
-TALER_GROUP=${_GROUPNAME}
-EOF
-
-cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
-[Unit]
-Description=GNU Taler payment system auditor REST API
-After=postgres.service network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-auditor
-User=${_USERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+CONFIG_FILE="/etc/default/taler-auditor"
+TALER_HOME="/var/lib/taler-auditor"
+_USERNAME=taler-auditor-httpd
+_GROUPNAME=taler-auditor-httpd
-[Install]
-WantedBy=multi-user.target
-EOF
-
- cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
- rm -f "${CONFIG_NEW}"
- echo " done."
-
- echo -n "Setting up system services "
-
- mkdir -p /var/lib/taler-auditor/tmp
- chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
- chmod 770 /var/lib/taler-auditor/tmp
- chmod +s /var/lib/taler-auditor/tmp
-
- systemctl daemon-reload
-
- echo "done."
-
- # Cleaning
- echo "All done."
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+case "${1}" in
+configure)
+ # Creating taler groups as needed
+ if ! getent group ${_GROUPNAME} >/dev/null; then
+ echo -n "Creating new Taler group ${_GROUPNAME} ..."
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ # Creating taler users if needed
+ if ! getent passwd ${_USERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_USERNAME} ..."
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
+ echo " done."
+ fi
+
+ # Cleaning
+ echo "All done."
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
index 7697a4142..82e826756 100644
--- a/debian/taler-auditor.postrm
+++ b/debian/taler-auditor.postrm
@@ -2,55 +2,20 @@
set -e
-pathfind() {
- OLDIFS="$IFS"
- IFS=:
- for p in $PATH; do
- if [ -x "$p/$*" ]; then
- IFS="$OLDIFS"
- return 0
- fi
- done
- IFS="$OLDIFS"
- return 1
-}
-
-if [ -f /usr/share/debconf/confmodule ];
-then
- . /usr/share/debconf/confmodule
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
fi
case "${1}" in
- purge)
- db_version 2.0
-
- db_get taler-auditor/username
- _USERNAME="${RET:-taler-auditor-httpd}"
-
- db_get taler-auditor/groupname
- _GROUPNAME="${RET:-taler-auditor-httpd}"
-
- if pathfind deluser
- then
- deluser --quiet --system ${_USERNAME} || true
- fi
-
- if pathfind delgroup
- then
- delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
- fi
-
- rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-
- ;;
-
- *)
- echo "postrm called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+purge)
+ rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
+ ;;
+
+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
+*)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-auditor.taler-auditor-httpd.service b/debian/taler-auditor.taler-auditor-httpd.service
new file mode 100644
index 000000000..08a07327d
--- /dev/null
+++ b/debian/taler-auditor.taler-auditor-httpd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=taler-auditor-httpd
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates
deleted file mode 100644
index 06eac63b7..000000000
--- a/debian/taler-auditor.templates
+++ /dev/null
@@ -1,16 +0,0 @@
-Template: taler-auditor/username
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler user:
- Please choose the user that the taler-auditor-httpd process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-auditor/groupname
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler group:
- Please choose the group that the taler-auditor-httpd will run as.
- .
- This should be a dedicated group, not one that already owns data.
diff --git a/debian/taler-exchange-httpd.taler-exchange-aggregator.service b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
new file mode 100644
index 000000000..91b0ade74
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange aggregator service
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-aggregator
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-httpd.service b/debian/taler-exchange-httpd.taler-exchange-httpd.service
new file mode 100644
index 000000000..e88bd84f2
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-httpd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=GNU Taler payment system exchange REST API
+AssertPathExists=/var/lib/taler-exchange/
+Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
+Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-httpd
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
new file mode 100644
index 000000000..3bd9cc554
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange EdDSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-eddsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
new file mode 100644
index 000000000..274485473
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange RSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-rsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-transfer.service b/debian/taler-exchange-httpd.taler-exchange-transfer.service
new file mode 100644
index 000000000..00fe977fe
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-transfer.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange transfer service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-wirewatch.service b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
new file mode 100644
index 000000000..3f3010626
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange wirewatch service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-offline.install b/debian/taler-exchange-offline.install
new file mode 100644
index 000000000..fbaef9b94
--- /dev/null
+++ b/debian/taler-exchange-offline.install
@@ -0,0 +1,5 @@
+usr/bin/taler-exchange-offline
+usr/share/man/man1/taler-exchange-offline
+
+# configuration files in /etc/taler
+debian/etc/taler/exchange-offline.conf etc/taler/
diff --git a/debian/taler-exchange-offline.postinst b/debian/taler-exchange-offline.postinst
new file mode 100644
index 000000000..125afbc5b
--- /dev/null
+++ b/debian/taler-exchange-offline.postinst
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+TALEROFF_HOME="/var/lib/taler-exchange-offline"
+
+# usage: lncfg user home target
+function lncfg() {
+ local cf=$TALER_HOME/$2/.config
+ if [ ! -e $cf ]; then
+ mkdir $cf
+ chown $(stat -L -c %u $TALER_HOME/$2):$(stat -L -c %g $TALER_HOME/$2) $cf
+ fi
+ ln -sf $3 $cf/taler.conf
+}
+
+case "${1}" in
+configure)
+
+ addgroup --quiet --system taler-exchange-offline
+
+ adduser --quiet --system --ingroup taler-exchange-offline --home ${TALEROFF_HOME}/httpd taler-exchange-offline
+
+ lncfg taler-exchange-offline taler-exchange-offline /etc/taler/exchange-offline.conf
+
+ # Cleaning
+ echo "All done."
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config
deleted file mode 100644
index c8ef2b4ff..000000000
--- a/debian/taler-exchange.config
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-set -e
-
-. /usr/share/debconf/confmodule
-
-db_input low taler-exchange/eusername || true
-db_go
-
-db_input low taler-exchange/rsecusername || true
-db_go
-
-db_input low taler-exchange/esecusername || true
-db_go
-
-db_input low taler-exchange/wireusername || true
-db_go
-
-db_input low taler-exchange/aggrusername || true
-db_go
-
-db_input low taler-exchange/groupname || true
-db_go
-
-db_stop
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index 87e3d0565..3f7ad39d9 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,17 +1,42 @@
-usr/bin/taler-exchange-*
+usr/bin/taler-exchange-aggregator
+usr/bin/taler-exchange-benchmark
+usr/bin/taler-exchange-closer
+usr/bin/taler-exchange-dbinit
+usr/bin/taler-exchange-httpd
+usr/bin/taler-exchange-secmod-eddsa
+usr/bin/taler-exchange-secmod-rsa
+usr/bin/taler-exchange-transfer
+usr/bin/taler-exchange-wirewatch
usr/bin/taler-bank-benchmark
usr/bin/taler-bank-manage-testing
usr/bin/taler-fakebank-run
usr/bin/taler-nexus-prepare
usr/bin/taler-wire-gateway-client
-usr/share/man/man1/taler-exchange*
+usr/share/man/man1/taler-exchange-aggregator
+usr/share/man/man1/taler-exchange-benchmark
+usr/share/man/man1/taler-exchange-closer
+usr/share/man/man1/taler-exchange-dbinit
+usr/share/man/man1/taler-exchange-httpd
+usr/share/man/man1/taler-exchange-secmod-eddsa
+usr/share/man/man1/taler-exchange-secmod-rsa
+usr/share/man/man1/taler-exchange-transfer
+usr/share/man/man1/taler-exchange-wirewatch
usr/share/man/man1/taler-bank*
-usr/share/man/man1/taler-config*
usr/share/man/man1/taler-wire*
usr/share/info/taler-bank*
usr/share/info/taler-exchange*
usr/share/taler/config.d/*
-debian/etc/taler/exchange* etc/taler/
+
+# configuration files in /etc/taler
+debian/etc/taler/exchange-business.conf etc/taler/
+debian/etc/taler/exchange-db.conf etc/taler/
+debian/etc/taler/exchange-service-default.conf etc/taler/
+debian/etc/taler/exchange-service-wire.conf etc/taler/
+debian/etc/taler/exchange-system.conf etc/taler
+debian/etc/taler/exchange-wire-gateway.conf etc/taler/
+
+# sample config files
debian/exchange-conf/* usr/share/taler/sample-configs/
+
usr/share/taler-exchange/pp/*/*
usr/share/taler-exchange/tos/*/*
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index f3a9a6f2b..61e1a4778 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -5,6 +5,14 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler-exchange"
+CONFIG_FILE="/etc/default/taler-exchange"
+_GROUPNAME=taler-exchange-secmod
+_DBGROUPNAME=taler-exchange-db
+_EUSERNAME=taler-exchange-httpd
+_RSECUSERNAME=taler-exchange-secmod-rsa
+_ESECUSERNAME=taler-exchange-secmod-rsa
+_AGGRUSERNAME=taler-exchange-aggregator
+_WIREUSERNAME=taler-exchange-wire
# usage: fixperm user:group perms file
function fixperm() {
@@ -24,240 +32,52 @@ function lncfg() {
case "${1}" in
configure)
- db_version 2.0
- db_get taler-exchange/eusername
- _EUSERNAME="${RET:-taler-exchange-httpd}"
-
- db_get taler-exchange/rsecusername
- _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
-
- db_get taler-exchange/esecusername
- _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
-
- db_get taler-exchange/wireusername
- _WIREUSERNAME="${RET:-taler-exchange-wire}"
-
- db_get taler-exchange/aggrusername
- _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
-
- db_get taler-exchange/groupname
- _GROUPNAME="${RET:-taler-private}"
-
- db_get taler-exchange/dbgroupname
- _DBGROUPNAME="${RET:-taler-exchange-db}"
-
- db_stop
-
- CONFIG_FILE="/etc/default/taler-exchange"
-
- # Creating taler groups as needed
+ # Create taler groups as needed
if ! getent group ${_GROUPNAME} >/dev/null; then
- echo -n "Creating new Taler group ${_GROUPNAME}:"
+ echo -n "Creating new Taler group ${_GROUPNAME} ..."
addgroup --quiet --system ${_GROUPNAME}
echo " done."
fi
if ! getent group ${_DBGROUPNAME} >/dev/null; then
- echo -n "Creating new Taler group ${_DBGROUPNAME}:"
+ echo -n "Creating new Taler group ${_DBGROUPNAME} ..."
addgroup --quiet --system ${_DBGROUPNAME}
echo " done."
fi
- # Creating taler users if needed
+ # Create taler users if needed
if ! getent passwd ${_EUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_EUSERNAME}:"
+ echo -n "Creating new Taler user ${_EUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
adduser ${_EUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_RSECUSERNAME}:"
+ echo -n "Creating new Taler user ${_RSECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
echo " done."
fi
if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_ESECUSERNAME}:"
+ echo -n "Creating new Taler user ${_ESECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
echo " done."
fi
if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_WIREUSERNAME}:"
+ echo -n "Creating new Taler user ${_WIREUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
- echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
+ echo -n "Creating new Taler user ${_AGGRUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
- # Writing new values to configuration file
- echo -n "Writing new configuration file:"
- CONFIG_NEW=$(tempfile)
-
- cat >"${CONFIG_NEW}" <<EOF
-# This file controls the behaviour of the Taler init script.
-# It will be parsed as a shell script.
-# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
-
-TALER_EUSER=${_EUSERNAME}
-TALER_RSECUSER=${_RSECUSERNAME}
-TALER_ESECUSER=${_ESECUSERNAME}
-TALER_WIREUSER=${_WIREUSERNAME}
-TALER_AGGRUSER=${_AGGRUSERNAME}
-TALER_GROUP=${_GROUPNAME}
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
-[Unit]
-Description=Taler Exchange Socket
-PartOf=taler-exchange-httpd.service
-
-[Socket]
-ListenStream=/var/lib/taler-exchange/exchange.sock
-Accept=no
-Service=taler-exchange-httpd.service
-SocketUser=${_EUSERNAME}
-SocketGroup=www-data
-SocketMode=0660
-
-[Install]
-WantedBy=sockets.target
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange REST API
-AssertPathExists=/var/lib/taler-exchange/
-Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
-Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
-After=postgres.service network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_EUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
- cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange RSA security module
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_RSECUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange EdDSA security module
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_ESECUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=no
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange wirewatch service
-After=network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_WIREUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange transfer service
-After=network.target
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_WIREUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-EOF
- cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
-[Unit]
-Description=GNU Taler payment system exchange aggregator service
-
-[Service]
-EnvironmentFile=/etc/default/taler-exchange
-User=${_AGGRUSERNAME}
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
-StandardOutput=journal
-StandardError=journal
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-
-
-EOF
-
- cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
- rm -f "${CONFIG_NEW}"
- echo " done."
-
- echo -n "Setting up system services "
-
- mkdir -p /var/lib/taler-exchange/tmp
- fixperm root:${_GROUPNAME} 770 /var/lib/taler-exchange/tmp
- chmod +s /var/lib/taler-exchange/tmp
-
fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
- systemctl daemon-reload >/dev/null 2>&1 || true
-
- echo "done."
-
echo -n "Linking config files"
lncfg ${_EUSERNAME} httpd /etc/taler/exchange-service-default.conf
lncfg ${_RSECUSERNAME} secmod-rsa /etc/taler/exchange-service-default.conf
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
index 5cefa5bc5..10d67b779 100644
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@@ -2,72 +2,22 @@
set -e
-pathfind() {
- OLDIFS="$IFS"
- IFS=:
- for p in $PATH; do
- if [ -x "$p/$*" ]; then
- IFS="$OLDIFS"
- return 0
- fi
- done
- IFS="$OLDIFS"
- return 1
-}
-
-if [ -f /usr/share/debconf/confmodule ];
-then
- . /usr/share/debconf/confmodule
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
fi
case "${1}" in
- purge)
- db_version 2.0
-
- db_get taler-exchange/eusername
- _EUSERNAME="${RET:-taler-exchange-httpd}"
-
- db_get taler-exchange/rsecusername
- _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
-
- db_get taler-exchange/esecusername
- _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
-
- db_get taler-exchange/wireusername
- _WIREUSERNAME="${RET:-taler-exchange-wire}"
-
- db_get taler-exchange/aggrusername
- _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
-
- db_get taler-exchange/groupname
- _GROUPNAME="${RET:-taler-private}"
-
- if pathfind deluser
- then
- deluser --quiet --system ${_EUSERNAME} || true
- deluser --quiet --system ${_RSECUSERNAME} || true
- deluser --quiet --system ${_ESECUSERNAME} || true
- deluser --quiet --system ${_WIREUSERNAME} || true
- deluser --quiet --system ${_AGGRUSERNAME} || true
- fi
-
- if pathfind delgroup
- then
- delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
- fi
-
- rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
- rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+purge)
+ rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
+ rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf
+ ;;
- ;;
+remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
- *)
- echo "postrm called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+*)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates
deleted file mode 100644
index 9428bec22..000000000
--- a/debian/taler-exchange.templates
+++ /dev/null
@@ -1,67 +0,0 @@
-Template: taler-exchange/eusername
-Type: string
-Default: taler-exchange-httpd
-_Description: Taler user:
- Please choose the user that the taler-exchange-httpd process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/rsecusername
-Type: string
-Default: taler-exchange-secmod-rsa
-_Description: Taler user:
- Please choose the user that the taler-exchange-secmod-rsa process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/esecusername
-Type: string
-Default: taler-exchange-secmod-eddsa
-_Description: Taler user:
- Please choose the user that the taler-exchange-secmod-eddsa process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/wireusername
-Type: string
-Default: taler-exchange-wire
-_Description: Taler user:
- Please choose the user that the taler-exchange-transfer and
- taler-exchange-wirewatch processes will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/aggrusername
-Type: string
-Default: taler-exchange-aggregator
-_Description: Taler user:
- Please choose the user that the taler-exchange-aggregator process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-exchange/groupname
-Type: string
-Default: taler-private
-_Description: Taler group:
- Please choose the group that the Taler exchange and security
- modules will run as.
- .
- This should be a dedicated group, not one that already owns data.
- Only the members of this group will have access to Taler private
- online signing keys.
-
-
-Template: taler-exchange/dbgroupname
-Type: string
-Default: taler-exchange-db
-_Description: Taler group:
- Please choose the group that the Taler users with database access
- should be in.
- .
- This should be a dedicated group, not one that already owns data.
- Only the members of this group will have access to Taler database.