From bfbbb5f8182fa668a992fadd504e43daa31962a4 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 1 Jan 2021 20:43:30 +0100 Subject: improving Debian package (untested)
---
debian/taler-merchant.postinst | 152 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 150 insertions(+), 2 deletions(-) (limited to 'debian/taler-merchant.postinst')
diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst
index 5cc1a6ad..baa291f6 100644
--- a/debian/taler-merchant.postinst
+++ b/debian/taler-merchant.postinst
@@ -2,15 +2,163 @@ set -e +# Set permissions for sqlite3 file +# (for when we support sqlite3 in the future) +dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" +dbc_dbfile_perms="0600" + + +# 1st argument will be the SECURITYTOKEN to use. +apache_install() { + mkdir -p /etc/apache2/conf-available + if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ]; + then + cat /etc/taler-merchant/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/apache2/conf-available/taler-merchant.conf + fi + # TODO: might want to remember if *we* enabled those, and disable in postrm + a2enmod proxy + a2enmod proxy_http + a2enmod headers + a2enmod rewrite +} + +# 1st argument will be the SECURITYTOKEN to use. +nginx_install() { + mkdir -p /etc/nginx/conf-available + if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ]; + then + cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/nginx/conf-available/taler-merchant.conf + fi +} + . /usr/share/debconf/confmodule + case "${1}" in configure) db_version 2.0 - db_get taler-merchant/autostart - _AUTOSTART="${RET}" # boolean + db_get taler-merchant/username + _USERNAME="${RET:-taler-merchant-httpd}" + + db_get taler-merchant/groupname + _GROUPNAME="${RET:-www-data}" + + # Read default values + TALER_HOME="/var/lib/taler-merchant" + + # Creating taler group if needed + if ! getent group ${_GROUPNAME} > /dev/null + then + echo -n "Creating new Taler group ${_GROUPNAME}:" + addgroup --quiet --system ${_GROUPNAME} + echo " done." + fi + # Creating taler users if needed + if ! getent passwd ${_USERNAME} > /dev/null + then + echo -n "Creating new Taler user ${_USERNAME}:" + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME} + echo " done." 
+ fi + + # Create access secret + SECRET=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1` + echo SECRET > ${TALER_HOME}/master-api-key.txt + chown ${_USERNAME}:${_GROUPNAME} ${TALER_HOME}/master-api-key.txt + chmod 440 ${TALER_HOME}/master-api-key.txt + + # Writing new values to configuration file + echo -n "Writing new configuration file:" + CONFIG_NEW=$(tempfile) + +cat > "${CONFIG_NEW}" < "/etc/systemd/system/taler-merchant-httpd.service" < /dev/null ; then + if invoke-rc.d $webserver status > /dev/null 2>&1 ; then + invoke-rc.d $webserver reload 3>/dev/null || true + fi + else + if /etc/init.d/$webserver status > /dev/null 2>&1 ; then + /etc/init.d/$webserver reload 3>/dev/null || true + fi + fi + fi + done db_stop # Cleaning -- cgit v1.2.3
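Review bot: In the "Create access secret" step, `echo SECRET > ${TALER_HOME}/master-api-key.txt` writes the literal word SECRET rather than the generated value, so every installation ends up with the same guessable string in the master API key file. The file is also created under the default umask and only tightened by the later `chmod 440`, leaving a short window in which it may be world-readable; `( umask 077; printf '%s\n' "$SECRET" > "${TALER_HOME}/master-api-key.txt" )` addresses both. In `nginx_install` the guard tests `/etc/apache2/conf-available/taler-merchant.conf`, which looks like a copy-paste slip and should read `if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ];`; as written, the nginx snippet is skipped whenever the Apache one exists and rewritten on every run when it does not. The secret is regenerated on each `configure`, while both web-server snippets are written only when absent, so (assuming the token handed to them is this secret, which is not visible on this page) an upgrade would leave the proxy configuration and the key file out of step; generating the key only when `master-api-key.txt` is missing would avoid that.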