Diffstat (limited to 'debian/taler-exchange.postinst')
-rw-r--r-- | debian/taler-exchange.postinst | 214 |
1 files changed, 17 insertions, 197 deletions
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index f3a9a6f2b..61e1a4778 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -5,6 +5,14 @@ set -e . /usr/share/debconf/confmodule TALER_HOME="/var/lib/taler-exchange" +CONFIG_FILE="/etc/default/taler-exchange" +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-rsa +_AGGRUSERNAME=taler-exchange-aggregator +_WIREUSERNAME=taler-exchange-wire # usage: fixperm user:group perms file function fixperm() { 
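Review bot: `_ESECUSERNAME` is set to `taler-exchange-secmod-rsa`, the same value as `_RSECUSERNAME`, although the debconf default this commit removes was `taler-exchange-secmod-eddsa`. With the two names equal, the later `getent passwd ${_ESECUSERNAME}` test finds the RSA account, so the block that creates a user with home `${TALER_HOME}/secmod-eddsa` never runs on a fresh install. The EdDSA module then either has no account or shares the RSA one, which removes the privilege separation between the two key-holding helpers. The line should read `_ESECUSERNAME=taler-exchange-secmod-eddsa`. A comment above the block, such as `# must match the User= entries of the packaged unit files`, would also help, assuming the units now ship outside this script, which the diff does not show.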
@@ -24,240 +32,52 @@ function lncfg() { case "${1}" in configure) - db_version 2.0 - db_get taler-exchange/eusername - _EUSERNAME="${RET:-taler-exchange-httpd}" - - db_get taler-exchange/rsecusername - _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}" - - db_get taler-exchange/esecusername - _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}" - - db_get taler-exchange/wireusername - _WIREUSERNAME="${RET:-taler-exchange-wire}" - - db_get taler-exchange/aggrusername - _AGGRUSERNAME="${RET:-taler-exchange-aggregator}" - - db_get taler-exchange/groupname - _GROUPNAME="${RET:-taler-private}" - - db_get taler-exchange/dbgroupname - _DBGROUPNAME="${RET:-taler-exchange-db}" - - db_stop - - CONFIG_FILE="/etc/default/taler-exchange" - - # Creating taler groups as needed + # Create taler groups as needed if ! getent group ${_GROUPNAME} >/dev/null; then - echo -n "Creating new Taler group ${_GROUPNAME}:" + echo -n "Creating new Taler group ${_GROUPNAME} ..." addgroup --quiet --system ${_GROUPNAME} echo " done." fi if ! getent group ${_DBGROUPNAME} >/dev/null; then - echo -n "Creating new Taler group ${_DBGROUPNAME}:" + echo -n "Creating new Taler group ${_DBGROUPNAME} ..." addgroup --quiet --system ${_DBGROUPNAME} echo " done." fi - # Creating taler users if needed + # Create taler users if needed if ! getent passwd ${_EUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_EUSERNAME}:" + echo -n "Creating new Taler user ${_EUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} adduser ${_EUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_RSECUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_RSECUSERNAME}:" + echo -n "Creating new Taler user ${_RSECUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME} echo " done." fi if ! 
getent passwd ${_ESECUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_ESECUSERNAME}:" + echo -n "Creating new Taler user ${_ESECUSERNAME} ..." adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME} echo " done." fi if ! getent passwd ${_WIREUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_WIREUSERNAME}:" + echo -n "Creating new Taler user ${_WIREUSERNAME} ..." adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then - echo -n "Creating new Taler user ${_AGGRUSERNAME}:" + echo -n "Creating new Taler user ${_AGGRUSERNAME} ..." adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} echo " done." fi - # Writing new values to configuration file - echo -n "Writing new configuration file:" - CONFIG_NEW=$(tempfile) - - cat >"${CONFIG_NEW}" <<EOF -# This file controls the behaviour of the Taler init script. -# It will be parsed as a shell script. -# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'. 
- -TALER_EUSER=${_EUSERNAME} -TALER_RSECUSER=${_RSECUSERNAME} -TALER_ESECUSER=${_ESECUSERNAME} -TALER_WIREUSER=${_WIREUSERNAME} -TALER_AGGRUSER=${_AGGRUSERNAME} -TALER_GROUP=${_GROUPNAME} -EOF - - cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF -[Unit] -Description=Taler Exchange Socket -PartOf=taler-exchange-httpd.service - -[Socket] -ListenStream=/var/lib/taler-exchange/exchange.sock -Accept=no -Service=taler-exchange-httpd.service -SocketUser=${_EUSERNAME} -SocketGroup=www-data -SocketMode=0660 - -[Install] -WantedBy=sockets.target -EOF - - cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange REST API -AssertPathExists=/var/lib/taler-exchange/ -Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service -Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service -After=postgres.service network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_EUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -[Install] -WantedBy=multi-user.target -EOF - - cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange RSA security module - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_RSECUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange EdDSA security module - -[Service] -EnvironmentFile=/etc/default/taler-exchange 
-User=${_ESECUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=no -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange wirewatch service -After=network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_WIREUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - - -EOF - cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange transfer service -After=network.target - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_WIREUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - -EOF - cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF -[Unit] -Description=GNU Taler payment system exchange aggregator service - -[Service] -EnvironmentFile=/etc/default/taler-exchange -User=${_AGGRUSERNAME} -Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf -StandardOutput=journal -StandardError=journal -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=full - - -EOF - - cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" - rm -f "${CONFIG_NEW}" - echo " done." 
- - echo -n "Setting up system services " - - mkdir -p /var/lib/taler-exchange/tmp - fixperm root:${_GROUPNAME} 770 /var/lib/taler-exchange/tmp - chmod +s /var/lib/taler-exchange/tmp - fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf - systemctl daemon-reload >/dev/null 2>&1 || true - - echo "done." - echo -n "Linking config files" lncfg ${_EUSERNAME} httpd /etc/taler/exchange-service-default.conf lncfg ${_RSECUSERNAME} secmod-rsa /etc/taler/exchange-service-default.conf |
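Review bot: Group membership is only assigned inside the `if ! getent passwd ...` creation guards, so an upgrade from the debconf-based package leaves existing accounts in their old groups. The old default group was `taler-private` and the new constant is `taler-exchange-secmod`, so on such a system the new group is created empty and `${_EUSERNAME}` and `${_RSECUSERNAME}` are never added to it. Any socket or directory restricted to the new group would then be unreachable for them, and names an administrator chose through debconf are silently ignored. Consider doing the membership step after each `fi`, for example `adduser --quiet ${_EUSERNAME} ${_GROUPNAME}`, and documenting the migration in a comment at the top of `configure)`. The `configure)` branch may continue past the end of this hunk.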