-rwxr-xr-x | contrib/taler-exchange-dbconfig | 22 | ||||
-rw-r--r-- | debian/taler-auditor.postinst | 2 | ||||
-rw-r--r-- | debian/taler-auditor.postrm | 9 | ||||
-rw-r--r-- | debian/taler-exchange.postinst | 4 | ||||
-rw-r--r-- | debian/taler-exchange.postrm | 24 |
5 files changed, 48 insertions, 13 deletions
diff --git a/contrib/taler-exchange-dbconfig b/contrib/taler-exchange-dbconfig index 7d33aa64b..dc92abbd1 100755 --- a/contrib/taler-exchange-dbconfig +++ b/contrib/taler-exchange-dbconfig @@ -22,15 +22,17 @@ set -eu RESET_DB=0 SKIP_DBINIT=0 DBUSER="taler-exchange-httpd" +DBGROUP="taler-exchange-db" DBNAME="exchange" CFGFILE="/etc/taler/secrets/exchange-db.secret.conf" # Parse command-line options -while getopts ':hn:rsu:' OPTION; do +while getopts ':g:hn:rsu:' OPTION; do case "$OPTION" in h) echo 'Supported options:' echo " -c FILENAME -- write configuration to FILENAME (default: $CFGFILE)" + echo " -g GROUP -- taler-exchange to be run by GROUP (default: $DBGROUP)" echo " -h -- print this help text" echo " -n NAME -- user NAME for database name (default: $DBNAME)" echo " -r -- reset database (dangerous)" @@ -86,7 +88,7 @@ if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null then if [ 1 = "$RESET_DB" ] then - echo "Deleting existing database $DBNAME." 1>&2 + echo "Deleting existing database '$DBNAME'." 1>&2 sudo -i -u postgres dropdb "$DBNAME" else echo "Database '$DBNAME' already exists, refusing to setup again." @@ -95,14 +97,14 @@ then fi fi -echo "Setting up database user $DBUSER." 1>&2 +echo "Setting up database user '$DBUSER'." 1>&2 if ! sudo -i -u postgres createuser "$DBUSER" 2> /dev/null then echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2 fi -echo "Creating database $DBNAME." 1>&2 +echo "Creating database '$DBNAME'." 1>&2 if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME" then 
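Review bot: The option string now accepts `-g GROUP` and the help text advertises it, but none of the four hunks in this file adds a `g)` arm to the `case "$OPTION"` statement, so as far as the diff shows `DBGROUP` always keeps its default `taler-exchange-db`. That group ends up owning the database secret file, so an operator who passes `-g` would get a file readable by a different group than the one requested. Add `g) DBGROUP="$OPTARG" ;;` next to the existing arms; the rest of the `case` lies outside this hunk, so confirm no such arm is already there. The help text also lists `-c FILENAME` while the option string has no `c:`.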
@@ -112,19 +114,21 @@ fi if [ -f "$CFGFILE" ] then - echo "Adding database configuration to $CFGFILE." 1>&2 + echo "Adding database configuration to '$CFGFILE'." 1>&2 echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE" + chown root:"$DBGROUP" "$CFGFILE" + chmod 640 "$CFGFILE" else - echo "Configuration $CFGFILE does not yet exist, creating it." 1>&2 + echo "Configuration '$CFGFILE' does not yet exist, creating it." 1>&2 mkdir -p "$(dirname "$CFGFILE")" echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE" - chown "$DBUSER":root "$CFGFILE" - chmod 460 "$CFGFILE" + chown root:"$DBGROUP" "$CFGFILE" + chmod 640 "$CFGFILE" fi if [ 0 = "$SKIP_DBINIT" ] then - echo "Initializing database $DBNAME." 1>&2 + echo "Initializing database '$DBNAME'." 1>&2 sudo -u "$DBUSER" taler-exchange-dbinit fi diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst index 4e89be226..d65fd8c5d 100644 --- a/debian/taler-auditor.postinst +++ b/debian/taler-auditor.postinst @@ -22,7 +22,7 @@ configure) if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_USERNAME} ${_GROUPNAME} 660 \ + ${_USERNAME} ${_GROUPNAME} 640 \ /etc/taler/secrets/auditor-db.secret.conf fi diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm index 752510e63..639e3241e 100644 --- a/debian/taler-auditor.postrm +++ b/debian/taler-auditor.postrm @@ -6,9 +6,16 @@ if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi +_USERNAME=taler-auditor-httpd +_GROUPNAME=taler-auditor-httpd + case "${1}" in purge) - ;; + dpkg-statoverride --remove \ + /etc/taler/secrets/auditor-db.secret.conf || true + deluser --system --quiet ${_USERNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true + ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; *) 
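Review bot: The new `chown root:"$DBGROUP"` is the first place the group is used, and it runs after the database has been created and the configuration written; under `set -eu` a missing group aborts the script at that point and leaves a half-configured setup. A check before any database work, such as `getent group "$DBGROUP" > /dev/null || { echo "Group '$DBGROUP' does not exist." 1>&2; exit 1; }`, would fail early instead. In the `else` branch the file is also created by `>>` under the caller's umask and only tightened to 640 afterwards; setting `umask 027` before the write closes that window. `taler-exchange-dbinit` still runs as `$DBUSER`, which now has to be a member of `$DBGROUP` to read the file.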
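Review bot: The tightened mode only reaches fresh installs, because the `dpkg-statoverride --add` sits behind `if ! dpkg-statoverride --list …`: on a system that already registered the override with 660, the guard is false and the file stays group-writable after the upgrade. The same applies to both overrides changed in debian/taler-exchange.postinst. If existing installations should be tightened too, the `configure` branch needs a one-time migration, e.g. `dpkg-statoverride --remove` followed by the `--add --update` with 640, gated on the previously installed version so that a local administrator's own override is not overwritten on every upgrade. The surrounding `configure)` arm starts and ends outside the hunk.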
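Review bot: `deluser` and `delgroup` are provided by the adduser package, which is not essential and may already be gone when `postrm purge` runs; with `|| true` that case passes silently and the account stays behind. Guarding the calls, e.g. `if command -v deluser > /dev/null 2>&1; then … fi`, and printing a warning otherwise would make the outcome visible. The expansions `${_USERNAME}` and `${_GROUPNAME}` should be quoted. The purge arm of debian/taler-exchange.postrm follows the same pattern.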
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index 892e48475..6278dac1f 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -56,13 +56,13 @@ configure) if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_WIREUSERNAME} root 460 \ + ${_WIREUSERNAME} root 640 \ /etc/taler/secrets/exchange-accountcredentials-1.secret.conf fi if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - root ${_DBGROUPNAME} 660 \ + root ${_DBGROUPNAME} 640 \ /etc/taler/secrets/exchange-db.secret.conf fi diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index 6488d268b..9edf548a5 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm @@ -2,6 +2,17 @@ set -e +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_CLOSERUSERNAME=taler-exchange-closer +_CSECUSERNAME=taler-exchange-secmod-cs +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-eddsa +_AGGRUSERNAME=taler-exchange-aggregator +_WIREUSERNAME=taler-exchange-wire + + if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi 
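Review bot: For `exchange-accountcredentials-1.secret.conf` the override keeps `${_WIREUSERNAME}` as owner, so moving from 460 to 640 gives the wire service account write access to its own credentials file. The database secret right below uses `root ${_DBGROUPNAME} 640`, where the service can only read. If the wire helpers only need to read the file, the same shape, root as owner and a dedicated group with read access, would keep a compromised service process from rewriting the credentials. Whether such a group exists is not visible here, so this may need a new group in the unchanged part of the script.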
@@ -9,6 +20,19 @@ fi case "${1}" in purge) rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-* + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-accountcredentials-1.secret.conf || true + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-db.secret.conf || true + deluser --quiet --system ${_CSECUSERNAME} || true + deluser --quiet --system ${_RSECUSERNAME} || true + deluser --quiet --system ${_ESECUSERNAME} || true + deluser --quiet --system ${_AGGRUSERNAME} || true + deluser --quiet --system ${_WIREUSERNAME} || true + deluser --quiet --system ${_CLOSERUSERNAME} || true + deluser --quiet --system ${_EUSERNAME} || true + delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) |
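Review bot: The purge arm deletes the `${_WIREUSERNAME}` account but, as far as this hunk shows, leaves `/etc/taler/secrets/exchange-accountcredentials-1.secret.conf` in place; only its statoverride entry is removed. That file was owned by the wire user, so after purge it belongs to a numeric uid that a later system account may be assigned, along with read access to the account credentials. Either remove the secret files in this arm before the `deluser` calls, or hand them to root first with `chown root:root` and `chmod 600`. If the files are removed elsewhere, for example as dpkg conffiles, a comment saying so would help.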