debian: database setup tweaks

3 files changed, 39 insertions, 71 deletions

diff --git a/debian/changelog b/debian/changelog
index 49094099..5062061b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+taler-merchant (0.8.2-5) unstable; urgency=low
+
+  * Database setup tweaks.
+
+ -- Florian Dold <dold@taler.net>  Sat, 28 Aug 2021 17:12:17 +0200
+
 taler-merchant (0.8.2-4) unstable; urgency=low
 
   * Work around debconf bug.
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
index 04d5a6ed..3ea6b266 100755
--- a/debian/db/install/pgsql
+++ b/debian/db/install/pgsql
@@ -1,63 +1,35 @@
 #!/bin/bash
+
 set -eu
+
 merchantdb_secretconf=/etc/taler/secrets/merchant-db.secret.conf
 merchantdb_overrideconf=/etc/taler/merchant-overrides.conf
-# get database settings from dbconfig-common and configure
-# for ADMINISTRATIVE access
-if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then
-    . /etc/dbconfig-common/taler-merchant.conf
-    case "$dbc_dbtype" in
-        pgsql)
-            echo -e "# Config file auto-generated by Debian.\n[merchant]\nDB=postgres\n\n" > \
-              $merchantdb_overrideconf
-            echo -e "[merchantdb-postgres]\nCONFIG=postgres:///${dbc_dbname}\n\n" > \
-              $merchantdb_secretconf
-            ;;
-        sqlite3)
-            # Later: use something like:
-            # sqlite:///$DATA_DIR/merchant.db
-            # But for now, sqlite is unsupported:
-            echo "Unsupported database type $dbc_type."
-            exit 1
-            ;;
-        "")
-            ;;
-        *)
-            echo "Unsupported database type $dbc_type."
-            exit 1
-            ;;
-    esac
-fi
-# get database settings from dbconfig-common and configure
-# for service access!
+
+# Get database settings from dbconfig-common and write Taler configuration files.
 if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then
-    . /etc/dbconfig-common/taler-merchant.conf
-    case "$dbc_dbtype" in
-        pgsql)
-            echo "GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO \"$dbc_dbuser\";" \
-                | sudo -u postgres psql "postgres:///$dbc_dbname"
-            echo "GRANT SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO \"$dbc_dbuser\";" \
-            | sudo -u postgres psql "postgres:///$dbc_dbname"
+  . /etc/dbconfig-common/taler-merchant.conf
+  case "$dbc_dbtype" in
+  pgsql)
+    echo -e "# Config file auto-generated by Debian.\n[merchant]\nDB=postgres\n\n" > \
+      $merchantdb_overrideconf
+    # We assume ident auth here.  We might support password auth later.
+    echo -e "[merchantdb-postgres]\nCONFIG=postgres:///${dbc_dbname}\n\n" > \
+      $merchantdb_secretconf
+    # Run database initialization logic
+    sudo -u taler-merchant-httpd taler-merchant-dbinit -c /etc/taler/taler.conf
+    ;;
+  sqlite3)
+    # Later: use something like:
+    # sqlite:///$DATA_DIR/merchant.db
+    # But for now, sqlite is unsupported:
+    echo "Unsupported database type $dbc_type."
+    exit 1
+    ;;
+  "") ;;
 
-            echo -e "[merchantdb-postgres]\nCONFIG=postgres://${dbc_dbuser}:${dbc_dbpass}@${dbc_dbserver}/${dbc_dbname}\n\n" > \
-              $merchantdb_secretconf
-            echo -e "[merchant]\nDB=postgres\n\n" > \
-              $merchantdb_overrideconf
-            ;;
-        sqlite3)
-            # Later: use something like:
-            # sqlite:///$DATA_DIR/merchant.db
-            # But for now, sqlite is unsupported:
-            echo "Unsupported database type $dbc_type."
-            exit 1
-            ;;
-        "")
-            ;;
-        *)
-            echo "Unsupported database type $dbc_type."
-            exit 1
-            ;;
-    esac
+  *)
+    echo "Unsupported database type $dbc_type."
+    exit 1
+    ;;
+  esac
 fi
-# Run database initialization logic
-sudo -u postgres taler-merchant-dbinit -c /etc/taler/taler.conf
diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config
index 15552fdb..4a876261 100644
--- a/debian/taler-merchant.config
+++ b/debian/taler-merchant.config
@@ -4,26 +4,16 @@ set -e
 
 . /usr/share/debconf/confmodule
 
-# Set permissions for sqlite3 file
-# (for when we support sqlite3 in the future)
-dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}"
-dbc_dbfile_perms="0600"
-
-dbc_psql_createdb_encoding="UTF8"
+_USERNAME=taler-merchant-httpd
+_GROUPNAME=www-data
 
-# Set MySQL encoding to UTF8, just in case MySQL
-# support is added in the future.
-dbc_mysql_createdb_encoding="UTF8"
+# For now, we only support postgres
+dbc_dbtypes=pgsql
+dbc_dbuser=${_USERNAME}
 
-# Try to get it to use UNIX domain sockets, if possible.
-# (Note: doesn't seem to do much, still uses username+PW+TCP
-#  on my system :-(  dbconfig documentation sucks.).
 dbc_authmethod_user=ident
 dbc_authmethod_admin=ident
 
-_USERNAME=taler-merchant-httpd
-dbc_dbuser=${_USERNAME}
-
 if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
     . /usr/share/dbconfig-common/dpkg/config.pgsql
     dbc_go taler-merchant "$@"