author | Florian Dold <florian@dold.me> | 2021-07-26 14:18:02 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-07-26 14:18:02 +0200 |
commit | 5430dc34180e1c72c9a09f9eb17c2999e426bf77 (patch) | |
tree | dd5f153937c98d888f39220a669f608a26c34b84 | |
parent | a06a6a22ea01020c8c02434a3e0caa59a5bb0dd8 (diff) |
debian: revise maintainer scripts and service files
21 files changed, 283 insertions, 503 deletions
diff --git a/debian/changelog b/debian/changelog index be14355a4..ecd2b0aef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +taler-exchange (0.9.0-15) unstable; urgency=low + + * New Taler amount operations (set zero, ...) added. + * New configuration file structure + * New taler-exchange-offline package + + -- Florian Dold <dold@taler.net> Mon, 26 Jul 2021 11:21:39 +0200 + taler-exchange (0.9.0-14) unstable; urgency=low * Expose additional symbols needed in merchant logic. diff --git a/debian/control b/debian/control index 8ea436dfa..4e95256ca 100644 --- a/debian/control +++ b/debian/control @@ -44,7 +44,7 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: libraries to talk to a GNU Taler exchange. +Description: libraries to talk to a GNU Taler exchange Package: taler-exchange-database Architecture: any @@ -55,7 +55,7 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: programs and libraries to manage a GNU Taler exchange database. +Description: programs and libraries to manage a GNU Taler exchange database Package: taler-exchange Architecture: any @@ -71,7 +71,20 @@ Depends: dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}, ${shlibs:Depends} -Description: GNU's payment system operator. +Description: GNU's payment system operator + +Package: taler-exchange-offline +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + libtalerexchange (= ${binary:Version}), + adduser, + lsb-base, + netbase, + ${misc:Depends}, + ${shlibs:Depends} +Description: tools for managing the GNU Taler exchange offline keys Package: taler-auditor Architecture: any @@ -87,7 +100,7 @@ Depends: python3-jinja2, ${misc:Depends}, ${shlibs:Depends} -Description: GNU's payment system auditor. +Description: GNU's payment system auditor Package: libtalerexchange-dev Section: libdevel diff --git a/debian/etc/taler/exchange-offline.conf b/debian/etc/taler/exchange-offline.conf new file mode 100644 index 000000000..c1c039f91 
--- /dev/null +++ b/debian/etc/taler/exchange-offline.conf @@ -0,0 +1,8 @@ +# This configuration file is the entry point for the offline key management. +# +# It includes other configuration files, which are applied on top of the +# read-only base configuration (typically in /usr/share/taler/config.d/). + +# This file should be identical to the business configuration of the running +# online exchange +@INLINE@ exchange-business.conf diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install index 9e1983c93..8aa7f7c03 100644 --- a/debian/libtalerexchange.install +++ b/debian/libtalerexchange.install @@ -3,3 +3,4 @@ usr/lib/*/libtaler* usr/share/taler/config.d/paths.conf usr/share/taler/config.d/taler.conf usr/share/man/man5/taler.conf.5 +usr/share/man/man1/taler-config* diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst index 7d3865080..8e032cbdc 100644 --- a/debian/taler-auditor.postinst +++ b/debian/taler-auditor.postinst 
@@ -4,90 +4,35 @@ set -e . /usr/share/debconf/confmodule -case "${1}" in - configure) - db_version 2.0 - - db_get taler-auditor/username - _USERNAME="${RET:-taler-auditor-httpd}" - - db_get taler-auditor/groupname - _GROUPNAME="${RET:-taler-auditor-httpd}" - - db_stop - - CONFIG_FILE="/etc/default/taler-auditor" - TALER_HOME="/var/lib/taler-auditor" - - # Creating taler groups as needed - if ! getent group ${_GROUPNAME} > /dev/null - then - echo -n "Creating new Taler group ${_GROUPNAME}:" - addgroup --quiet --system ${_GROUPNAME} - echo " done." - fi - # Creating taler users if needed - if ! getent passwd ${_USERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_USERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME} - echo " done." - fi - # Writing new values to configuration file - echo -n "Writing new configuration file:" - CONFIG_NEW=$(tempfile) - -cat > "${CONFIG_NEW}" <<EOF -# This file controls the behaviour of the Taler init script. -# It will be parsed as a shell script. -# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'. - -TALER_USER=${_USERNAME} -TALER_GROUP=${_GROUPNAME} -EOF - -cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF -[Unit] -Description=GNU Taler payment system auditor REST API -After=postgres.service network.target - -[Service] -EnvironmentFile=/etc/default/taler-auditor -User=${_USERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf +CONFIG_FILE="/etc/default/taler-auditor" +TALER_HOME="/var/lib/taler-auditor" +_USERNAME=taler-auditor-httpd +_GROUPNAME=taler-auditor-httpd -[Install] -WantedBy=multi-user.target -EOF - - cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" - rm -f "${CONFIG_NEW}" - echo " done." 
- - echo -n "Setting up system services " - - mkdir -p /var/lib/taler-auditor/tmp - chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp - chmod 770 /var/lib/taler-auditor/tmp - chmod +s /var/lib/taler-auditor/tmp - - systemctl daemon-reload - - echo "done." - - # Cleaning - echo "All done." - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`${1}'" >&2 - exit 1 - ;; +case "${1}" in +configure) + # Creating taler groups as needed + if ! getent group ${_GROUPNAME} >/dev/null; then + echo -n "Creating new Taler group ${_GROUPNAME} ..." + addgroup --quiet --system ${_GROUPNAME} + echo " done." + fi + # Creating taler users if needed + if ! getent passwd ${_USERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_USERNAME} ..." + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME} + echo " done." + fi + + # Cleaning + echo "All done." + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; +*) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm index 7697a4142..82e826756 100644 --- a/debian/taler-auditor.postrm +++ b/debian/taler-auditor.postrm 
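Review bot: The script still sources `/usr/share/debconf/confmodule` at the top although this change removes every `db_*` call and the package's templates file, so the maintainer script keeps running under the debconf frontend for no purpose. That line and the `CONFIG_FILE` assignment, which nothing in the hunk reads any more, can be dropped. The same leftover is in `taler-auditor.postrm`, `taler-exchange.postinst`, `taler-exchange.postrm` and the new `taler-exchange-offline.postinst`. The rewritten `configure` branch also no longer creates `/var/lib/taler-auditor/tmp`; if the auditor still expects that directory, something else has to provide it (not visible in this diff).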
@@ -2,55 +2,20 @@ set -e -pathfind() { - OLDIFS="$IFS" - IFS=: - for p in $PATH; do - if [ -x "$p/$*" ]; then - IFS="$OLDIFS" - return 0 - fi - done - IFS="$OLDIFS" - return 1 -} - -if [ -f /usr/share/debconf/confmodule ]; -then - . /usr/share/debconf/confmodule +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule fi case "${1}" in - purge) - db_version 2.0 - - db_get taler-auditor/username - _USERNAME="${RET:-taler-auditor-httpd}" - - db_get taler-auditor/groupname - _GROUPNAME="${RET:-taler-auditor-httpd}" - - if pathfind deluser - then - deluser --quiet --system ${_USERNAME} || true - fi - - if pathfind delgroup - then - delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true - fi - - rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor - ;; - - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - - ;; - - *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; +purge) + rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor + ;; + +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; +*) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/taler-auditor.taler-auditor-httpd.service b/debian/taler-auditor.taler-auditor-httpd.service new file mode 100644 index 000000000..08a07327d --- /dev/null +++ b/debian/taler-auditor.taler-auditor-httpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=GNU Taler payment system auditor REST API +After=postgres.service network.target + +[Service] +EnvironmentFile=/etc/default/taler-auditor +User=taler-auditor-httpd +Type=simple +Restart=on-failure +ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/taler-auditor.templates b/debian/taler-auditor.templates deleted file mode 100644 index 06eac63b7..000000000 
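Review bot: `EnvironmentFile=/etc/default/taler-auditor` in the new auditor unit names a file that the reworked postinst no longer writes, and without the `-` prefix systemd refuses to start the unit when the file is absent. Unless the package ships that file some other way (not visible here), use `EnvironmentFile=-/etc/default/taler-auditor` or drop the line. The six new exchange units depend on `/etc/default/taler-exchange` in the same way. Separately, `After=postgres.service` probably does not match the Debian unit name (`postgresql.service`), in which case the ordering is silently not applied.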
--- a/debian/taler-auditor.templates
+++ /dev/null
@@ -1,16 +0,0 @@
-Template: taler-auditor/username
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler user:
- Please choose the user that the taler-auditor-httpd process will run as.
- .
- This should be a dedicated account. If the specified account does not
- already exist, it will automatically be created, with no login shell.
-
-Template: taler-auditor/groupname
-Type: string
-Default: taler-auditor-httpd
-_Description: Taler group:
- Please choose the group that the taler-auditor-httpd will run as.
- .
- This should be a dedicated group, not one that already owns data.
diff --git a/debian/taler-exchange-httpd.taler-exchange-aggregator.service b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
new file mode 100644
index 000000000..91b0ade74
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-aggregator.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange aggregator service
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-aggregator
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-httpd.service b/debian/taler-exchange-httpd.taler-exchange-httpd.service
new file mode 100644
index 000000000..e88bd84f2
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-httpd.service
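Review bot: The file name prefix `taler-exchange-httpd.` of the new aggregator unit does not correspond to any binary package in the visible part of `debian/control` (the package is `taler-exchange`), and debhelper matches `debian/<package>.<unit>.service` by package name. If no rule elsewhere installs these files explicitly, this unit and the httpd, secmod-eddsa, secmod-rsa, transfer and wirewatch units added alongside it would not be packaged, while the postinst has stopped generating them under `/etc/systemd/system`. Renaming them to `debian/taler-exchange.taler-exchange-aggregator.service` and so on would follow the naming the auditor unit uses in this commit.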
@@ -0,0 +1,21 @@
+[Unit]
+Description=GNU Taler payment system exchange REST API
+AssertPathExists=/var/lib/taler-exchange/
+Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
+Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-httpd
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
new file mode 100644
index 000000000..3bd9cc554
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange EdDSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-eddsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
new file mode 100644
index 000000000..274485473
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service
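Review bot: `Requires=taler-exchange-httpd.socket` in the httpd unit depends on a socket unit that this commit stops generating in the postinst, and none of the 21 changed files adds it as a packaged unit. With `Requires=`, a missing unit makes the service fail to start. Either ship a `taler-exchange-httpd.socket` file (the removed heredoc set `ListenStream=/var/lib/taler-exchange/exchange.sock`, `SocketGroup=www-data` and `SocketMode=0660`) or remove the dependency.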
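Review bot: For the EdDSA security module, which by its description handles the exchange's signing keys, the sandboxing is thin: only `PrivateDevices=yes` and `ProtectSystem=full`, with `PrivateTmp=no`. Consider adding `NoNewPrivileges=yes` and `ProtectHome=yes`, and moving to `ProtectSystem=strict` with a `ReadWritePaths=` entry for the module's key directory. If `PrivateTmp=no` is required for the helper's socket, a one-line comment saying so would keep it from being "fixed" later. The same applies to `taler-exchange-secmod-rsa.service`.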
@@ -0,0 +1,14 @@
+[Unit]
+Description=GNU Taler payment system exchange RSA security module
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-secmod-rsa
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-transfer.service b/debian/taler-exchange-httpd.taler-exchange-transfer.service
new file mode 100644
index 000000000..00fe977fe
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-transfer.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange transfer service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-httpd.taler-exchange-wirewatch.service b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
new file mode 100644
index 000000000..3f3010626
--- /dev/null
+++ b/debian/taler-exchange-httpd.taler-exchange-wirewatch.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler payment system exchange wirewatch service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-exchange
+User=taler-exchange-wire
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
diff --git a/debian/taler-exchange-offline.install b/debian/taler-exchange-offline.install
new file mode 100644
index 000000000..fbaef9b94
--- /dev/null
+++ b/debian/taler-exchange-offline.install
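Review bot: `taler-exchange-transfer.service` starts the wrong binary: its `ExecStart=` line runs `/usr/bin/taler-exchange-wirewatch`, the same command as the wirewatch unit, so the transfer process is never started and wirewatch is started twice. The line should be `ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/exchange-service-wire.conf`. The heredoc removed from `taler-exchange.postinst` had the same line, so this is carried over rather than newly introduced.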
@@ -0,0 +1,5 @@ +usr/bin/taler-exchange-offline +usr/share/man/man1/taler-exchange-offline + +# configuration files in /etc/taler +debian/etc/taler/exchange-offline.conf etc/taler/ diff --git a/debian/taler-exchange-offline.postinst b/debian/taler-exchange-offline.postinst new file mode 100644 index 000000000..125afbc5b --- /dev/null +++ b/debian/taler-exchange-offline.postinst @@ -0,0 +1,42 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +TALEROFF_HOME="/var/lib/taler-exchange-offline" + +# usage: lncfg user home target +function lncfg() { + local cf=$TALER_HOME/$2/.config + if [ ! -e $cf ]; then + mkdir $cf + chown $(stat -L -c %u $TALER_HOME/$2):$(stat -L -c %g $TALER_HOME/$2) $cf + fi + ln -sf $3 $cf/taler.conf +} + +case "${1}" in +configure) + + addgroup --quiet --system taler-exchange-offline + + adduser --quiet --system --ingroup taler-exchange-offline --home ${TALEROFF_HOME}/httpd taler-exchange-offline + + lncfg taler-exchange-offline taler-exchange-offline /etc/taler/exchange-offline.conf + + # Cleaning + echo "All done." + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; + +*) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config deleted file mode 100644 index c8ef2b4ff..000000000 --- a/debian/taler-exchange.config +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh - -set -e - -. /usr/share/debconf/confmodule - -db_input low taler-exchange/eusername || true -db_go - -db_input low taler-exchange/rsecusername || true -db_go - -db_input low taler-exchange/esecusername || true -db_go - -db_input low taler-exchange/wireusername || true -db_go - -db_input low taler-exchange/aggrusername || true -db_go - -db_input low taler-exchange/groupname || true -db_go - -db_stop diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install index 87e3d0565..3f7ad39d9 100644 --- a/debian/taler-exchange.install 
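Review bot: In the new `taler-exchange-offline.postinst`, `lncfg` builds its path from `$TALER_HOME`, which this script never sets (it defines `TALEROFF_HOME`). Unless the variable is inherited from the environment, `cf` expands to `/taler-exchange-offline/.config` and the `mkdir` aborts the script under `set -e`. The call also passes `taler-exchange-offline` as the home subdirectory while `adduser` creates the home at `${TALEROFF_HOME}/httpd`, so the two paths disagree even once the variable is fixed. Suggested: `local cf="$TALEROFF_HOME/$2/.config"` in the function and `lncfg taler-exchange-offline httpd /etc/taler/exchange-offline.conf` at the call site (or create the home directly at `${TALEROFF_HOME}`), with the expansions quoted.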
+++ b/debian/taler-exchange.install @@ -1,17 +1,42 @@ -usr/bin/taler-exchange-* +usr/bin/taler-exchange-aggregator +usr/bin/taler-exchange-benchmark +usr/bin/taler-exchange-closer +usr/bin/taler-exchange-dbinit +usr/bin/taler-exchange-httpd +usr/bin/taler-exchange-secmod-eddsa +usr/bin/taler-exchange-secmod-rsa +usr/bin/taler-exchange-transfer +usr/bin/taler-exchange-wirewatch usr/bin/taler-bank-benchmark usr/bin/taler-bank-manage-testing usr/bin/taler-fakebank-run usr/bin/taler-nexus-prepare usr/bin/taler-wire-gateway-client -usr/share/man/man1/taler-exchange* +usr/share/man/man1/taler-exchange-aggregator +usr/share/man/man1/taler-exchange-benchmark +usr/share/man/man1/taler-exchange-closer +usr/share/man/man1/taler-exchange-dbinit +usr/share/man/man1/taler-exchange-httpd +usr/share/man/man1/taler-exchange-secmod-eddsa +usr/share/man/man1/taler-exchange-secmod-rsa +usr/share/man/man1/taler-exchange-transfer +usr/share/man/man1/taler-exchange-wirewatch usr/share/man/man1/taler-bank* -usr/share/man/man1/taler-config* usr/share/man/man1/taler-wire* usr/share/info/taler-bank* usr/share/info/taler-exchange* usr/share/taler/config.d/* -debian/etc/taler/exchange* etc/taler/ + +# configuration files in /etc/taler +debian/etc/taler/exchange-business.conf etc/taler/ +debian/etc/taler/exchange-db.conf etc/taler/ +debian/etc/taler/exchange-service-default.conf etc/taler/ +debian/etc/taler/exchange-service-wire.conf etc/taler/ +debian/etc/taler/exchange-system.conf etc/taler +debian/etc/taler/exchange-wire-gateway.conf etc/taler/ + +# sample config files debian/exchange-conf/* usr/share/taler/sample-configs/ + usr/share/taler-exchange/pp/*/* usr/share/taler-exchange/tos/*/* diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index f3a9a6f2b..61e1a4778 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst 
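Review bot: The new man-page entries such as `usr/share/man/man1/taler-exchange-aggregator` have neither a section suffix nor a glob, whereas the line they replace was `usr/share/man/man1/taler-exchange*` and `libtalerexchange.install` uses `taler-config*`. If the built pages are named `*.1`, dh_install will not find these paths; `usr/share/man/man1/taler-exchange-aggregator.1` or a trailing `*` would be safer, and the same applies to the man-page line in `taler-exchange-offline.install`. `debian/etc/taler/exchange-system.conf etc/taler` is also missing the trailing slash its neighbouring lines have.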
@@ -5,6 +5,14 @@ set -e . /usr/share/debconf/confmodule TALER_HOME="/var/lib/taler-exchange" +CONFIG_FILE="/etc/default/taler-exchange" +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-rsa +_AGGRUSERNAME=taler-exchange-aggregator +_WIREUSERNAME=taler-exchange-wire # usage: fixperm user:group perms file function fixperm() { 
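Review bot: `_ESECUSERNAME=taler-exchange-secmod-rsa` looks like a copy-paste slip: the EdDSA module's account is given the RSA module's name. The `getent passwd ${_ESECUSERNAME}` guard later in the script then finds the RSA account and skips creation, so `taler-exchange-secmod-eddsa`, the `User=` of the new EdDSA unit, is never created and the two security modules are no longer separated by account. It should read `_ESECUSERNAME=taler-exchange-secmod-eddsa`, which is also the default the removed debconf code used.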
@@ -24,240 +32,52 @@ function lncfg() { case "${1}" in configure) - db_version 2.0 - db_get taler-exchange/eusername - _EUSERNAME="${RET:-taler-exchange-httpd}" - - db_get taler-exchange/rsecusername - _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}" - - db_get taler-exchange/esecusername - _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}" - - db_get taler-exchange/wireusername - _WIREUSERNAME="${RET:-taler-exchange-wire}" - - db_get taler-exchange/aggrusername - _AGGRUSERNAME="${RET:-taler-exchange-aggregator}" - - db_get taler-exchange/groupname - _GROUPNAME="${RET:-taler-private}" - - db_get taler-exchange/dbgroupname - _DBGROUPNAME="${RET:-taler-exchange-db}" - - db_stop - - CONFIG_FILE="/etc/default/taler-exchange" - - # Creating taler groups as needed + # Create taler groups as needed if ! getent group ${_GROUPNAME} >/dev/null; then - echo -n "Creating new Taler group ${_GROUPNAME}:" + echo -n "Creating new Taler group ${_GROUPNAME} ..." addgroup --quiet --system ${_GROUPNAME} echo " done." fi if ! getent group ${_DBGROUPNAME} >/dev/null; then - echo -n "Creating new Taler group ${_DBGROUPNAME}:" + echo -n "Creating new Taler group ${_DBGROUPNAME} ..." addgroup --quiet --system ${_DBGROUPNAME} echo " done." fi - # Creating taler users if needed + # Create taler users if needed if ! getent passwd ${_EUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_EUSERNAME}:" + echo -n "Creating new Taler user ${_EUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} adduser ${_EUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_RSECUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_RSECUSERNAME}:" + echo -n "Creating new Taler user ${_RSECUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME} echo " done." fi if ! 
getent passwd ${_ESECUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_ESECUSERNAME}:" + echo -n "Creating new Taler user ${_ESECUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME} echo " done." fi if ! getent passwd ${_WIREUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_WIREUSERNAME}:" + echo -n "Creating new Taler user ${_WIREUSERNAME} ..." adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_AGGRUSERNAME}:" + echo -n "Creating new Taler user ${_AGGRUSERNAME} ..." adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} echo " done." fi - # Writing new values to configuration file - echo -n "Writing new configuration file:" - CONFIG_NEW=$(tempfile) - - cat >"${CONFIG_NEW}" <<EOF -# This file controls the behaviour of the Taler init script. -# It will be parsed as a shell script. -# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'. 
- -TALER_EUSER=${_EUSERNAME} -TALER_RSECUSER=${_RSECUSERNAME} -TALER_ESECUSER=${_ESECUSERNAME} -TALER_WIREUSER=${_WIREUSERNAME} -TALER_AGGRUSER=${_AGGRUSERNAME} -TALER_GROUP=${_GROUPNAME} -EOF - - cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF -[Unit] -Description=Taler Exchange Socket -PartOf=taler-exchange-httpd.service - -[Socket] -ListenStream=/var/lib/taler-exchange/exchange.sock -Accept=no -Service=taler-exchange-httpd.service -SocketUser=${_EUSERNAME} -SocketGroup=www-data -SocketMode=0660 - -[Install] -WantedBy=sockets.target -EOF - - cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange REST API -AssertPathExists=/var/lib/taler-exchange/ -Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service -Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service -After=postgres.service network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_EUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -[Install] -WantedBy=multi-user.target -EOF - - cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange RSA security module - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_RSECUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange EdDSA security module - -[Service] -EnvironmentFile=/etc/default/taler-exchange 
-User=${_ESECUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange wirewatch service -After=network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_WIREUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - - -EOF - cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange transfer service -After=network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_WIREUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange aggregator service - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_AGGRUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - - -EOF - - cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" - rm -f "${CONFIG_NEW}" - echo " done." 
- - echo -n "Setting up system services " - - mkdir -p /var/lib/taler-exchange/tmp - fixperm root:${_GROUPNAME} 770 /var/lib/taler-exchange/tmp - chmod +s /var/lib/taler-exchange/tmp - fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf - systemctl daemon-reload >/dev/null 2>&1 || true - - echo "done." - echo -n "Linking config files" lncfg ${_EUSERNAME} httpd /etc/taler/exchange-service-default.conf lncfg ${_RSECUSERNAME} secmod-rsa /etc/taler/exchange-service-default.conf diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index 5cefa5bc5..10d67b779 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm 
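Review bot: Group membership is only assigned inside the `if ! getent passwd …` blocks, so on an upgrade the existing accounts keep their old primary group (`taler-private` by default in the removed debconf code) and are not added to the new `taler-exchange-secmod` group. If key material is handed to the new group, the already-existing httpd and secmod users would lose access to it. An explicit `adduser --quiet ${_EUSERNAME} ${_GROUPNAME}` outside the existence check, repeated for the two secmod users, would cover upgrades. The `case` block continues past the end of this hunk, so any later permission handling is not visible here.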
@@ -2,72 +2,22 @@ set -e -pathfind() { - OLDIFS="$IFS" - IFS=: - for p in $PATH; do - if [ -x "$p/$*" ]; then - IFS="$OLDIFS" - return 0 - fi - done - IFS="$OLDIFS" - return 1 -} - -if [ -f /usr/share/debconf/confmodule ]; -then - . /usr/share/debconf/confmodule +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule fi case "${1}" in - purge) - db_version 2.0 - - db_get taler-exchange/eusername - _EUSERNAME="${RET:-taler-exchange-httpd}" - - db_get taler-exchange/rsecusername - _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}" - - db_get taler-exchange/esecusername - _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}" - - db_get taler-exchange/wireusername - _WIREUSERNAME="${RET:-taler-exchange-wire}" - - db_get taler-exchange/aggrusername - _AGGRUSERNAME="${RET:-taler-exchange-aggregator}" - - db_get taler-exchange/groupname - _GROUPNAME="${RET:-taler-private}" - - if pathfind deluser - then - deluser --quiet --system ${_EUSERNAME} || true - deluser --quiet --system ${_RSECUSERNAME} || true - deluser --quiet --system ${_ESECUSERNAME} || true - deluser --quiet --system ${_WIREUSERNAME} || true - deluser --quiet --system ${_AGGRUSERNAME} || true - fi - - if pathfind delgroup - then - delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true - fi - - rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange - rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf - ;; - - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +purge) + rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange + rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf + ;; - ;; +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; - *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; +*) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# 
diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates deleted file mode 100644 index 9428bec22..000000000 --- a/debian/taler-exchange.templates +++ /dev/null 
@@ -1,67 +0,0 @@ -Template: taler-exchange/eusername -Type: string -Default: taler-exchange-httpd -_Description: Taler user: - Please choose the user that the taler-exchange-httpd process will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-exchange/rsecusername -Type: string -Default: taler-exchange-secmod-rsa -_Description: Taler user: - Please choose the user that the taler-exchange-secmod-rsa process will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-exchange/esecusername -Type: string -Default: taler-exchange-secmod-eddsa -_Description: Taler user: - Please choose the user that the taler-exchange-secmod-eddsa process will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-exchange/wireusername -Type: string -Default: taler-exchange-wire -_Description: Taler user: - Please choose the user that the taler-exchange-transfer and - taler-exchange-wirewatch processes will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-exchange/aggrusername -Type: string -Default: taler-exchange-aggregator -_Description: Taler user: - Please choose the user that the taler-exchange-aggregator process will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-exchange/groupname -Type: string -Default: taler-private -_Description: Taler group: - Please choose the group that the Taler exchange and security - modules will run as. - . 
- This should be a dedicated group, not one that already owns data. - Only the members of this group will have access to Taler private - online signing keys. - - -Template: taler-exchange/dbgroupname -Type: string -Default: taler-exchange-db -_Description: Taler group: - Please choose the group that the Taler users with database access - should be in. - . - This should be a dedicated group, not one that already owns data. - Only the members of this group will have access to Taler database. |