| author | Christian Grothoff <christian@grothoff.org> | 2021-01-01 20:43:59 +0100 | 
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-01-01 20:43:59 +0100 | 
| commit | 90d4bc9519507c64ad5c0a604140fcf00a9702ee (patch) | |
| tree | 4442b78765bf974190b84476031b9a562c86c078 | |
| parent | cd9220b187d97a52a8cc3179dc8d3b06d25f942a (diff) | |
work on Debian package: extend pre-configuration, add reverse proxy setup logic, add database setup logic (untested)
| -rw-r--r-- | debian/conf/apache.conf | 4 | ||||
| -rw-r--r-- | debian/conf/nginx.conf | 7 | ||||
| -rw-r--r-- | debian/control | 1 | ||||
| -rw-r--r-- | debian/db/install/pgsql | 2 | ||||
| -rw-r--r-- | debian/db/upgrade/pgsql | 2 | ||||
| -rw-r--r-- | debian/etc/taler-exchange-db.conf | 3 | ||||
| -rw-r--r-- | debian/etc/taler-exchange.conf (renamed from debian/etc/taler.conf) | 7 | ||||
| -rw-r--r-- | debian/etc/taler-wire.conf | 1 | ||||
| -rw-r--r-- | debian/taler-exchange.config | 7 | ||||
| -rw-r--r-- | debian/taler-exchange.install | 5 | ||||
| -rw-r--r-- | debian/taler-exchange.postinst | 86 | ||||
| -rw-r--r-- | debian/taler-exchange.postrm | 41 | ||||
| -rw-r--r-- | debian/taler-exchange.prerm | 17 | ||||
| -rw-r--r-- | debian/taler-exchange.templates | 19 | 
14 files changed, 172 insertions, 30 deletions
|
diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
new file mode 100644
index 00000000..3cfbf9ed
--- /dev/null
+++ b/debian/conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-exchange/">
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
new file mode 100644
index 00000000..2921c999
--- /dev/null
+++ b/debian/conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+         proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;
+         proxy_redirect off;
+         proxy_set_header Host $host;
+         proxy_set_header X-Forwarded-Host "example.com";
+         proxy_set_header X-Forwarded-Proto "https";
+}
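Review bot: `RequestHeader add "X-Forwarded-Proto" "https"` appends a header rather than replacing one, so a client-supplied X-Forwarded-Proto reaches the exchange next to the value set here; `RequestHeader set "X-Forwarded-Proto" "https"` makes the proxy authoritative. The line also asserts https unconditionally, which is only correct when this Location is included from a TLS-terminated vhost, and deserves a comment such as `# Include only from a TLS-enabled vhost; the backend sees the proxy's scheme, not the client's`. `http://example.com/` in ProxyPass and `X-Forwarded-Host "example.com"` in the nginx.conf hunk below are placeholders, yet taler-exchange.postinst copies both files verbatim into the live conf-available directories, so they need either a debconf-driven substitution or a header comment telling the administrator to edit them before enabling.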
\ No newline at end of file diff --git a/debian/control b/debian/control index d5047855..873bed6a 100644 --- a/debian/control +++ b/debian/control @@ -54,6 +54,7 @@ Depends:   adduser,   lsb-base,   netbase, + dbconfig-pgsql | dbconfig-no-thanks,   python3-jinja2,   ${misc:Depends},   ${shlibs:Depends} diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql new file mode 100644 index 00000000..0740e0d1 --- /dev/null +++ b/debian/db/install/pgsql @@ -0,0 +1,2 @@ +#!/bin/sh +taler-exchange-dbinit -c /etc/taler.conf diff --git a/debian/db/upgrade/pgsql b/debian/db/upgrade/pgsql new file mode 100644 index 00000000..0740e0d1 --- /dev/null +++ b/debian/db/upgrade/pgsql @@ -0,0 +1,2 @@ +#!/bin/sh +taler-exchange-dbinit -c /etc/taler.conf diff --git a/debian/etc/taler-exchange-db.conf b/debian/etc/taler-exchange-db.conf new file mode 100644 index 00000000..b894671d --- /dev/null +++ b/debian/etc/taler-exchange-db.conf @@ -0,0 +1,3 @@ +[taler-exchangdb-postgres] + +CONFIG = postgres:///taler-exchange diff --git a/debian/etc/taler.conf b/debian/etc/taler-exchange.conf index 4d721e02..4a806959 100644 --- a/debian/etc/taler.conf +++ b/debian/etc/taler-exchange.conf @@ -1,5 +1,12 @@ +@INLINE@ /etc/taler-exchange-db.conf +  [PATHS]  # Move runtime data "tmp" directory to /var/lib/taler-exchange/  # to possibly provide additional protection from unwarranted access.  TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/ + +[exchange] +SERVE = UNIX +UNIXPATH = /var/lib/taler-exchange/exchange.sock +DATABASE = postgres diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf new file mode 100644 index 00000000..f30fe077 --- /dev/null +++ b/debian/etc/taler-wire.conf @@ -0,0 +1 @@ +@INLINE@ /etc/taler-exchange-db.conf diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config index 9cb12cd7..1afcf358 100644 --- a/debian/taler-exchange.config +++ b/debian/taler-exchange.config 
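Review bot: `taler-exchange-dbinit -c /etc/taler.conf` in both debian/db/install/pgsql and debian/db/upgrade/pgsql points at the old configuration path, while this same commit renames the shipped file to /etc/taler-exchange.conf and the systemd units written by taler-exchange.postinst now pass `-c /etc/taler-exchange.conf`. Unless /etc/taler.conf is still provided by another package, dbconfig-common will run dbinit against a missing configuration on every install and upgrade; change both scripts to `taler-exchange-dbinit -c /etc/taler-exchange.conf`.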
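Review bot: the section name `[taler-exchangdb-postgres]` in debian/etc/taler-exchange-db.conf does not match the section that taler-exchange.postinst writes into the same file with `taler-config -c /etc/taler-exchange-db.conf -s "exchangedb-postgres"`, so after installation the file carries two sections, one with the placeholder `postgres:///taler-exchange` and one with the real credentials, and which one the exchange reads depends on the section name it expects (not visible here). The postinst likewise sets option `DB` in section `exchange`, while the shipped taler-exchange.conf sets `DATABASE = postgres` in that section. Pick one spelling for the section and for the option and use it in the conf files and in taler-exchange.postinst alike.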
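Review bot: `@INLINE@ /etc/taler-exchange-db.conf` pulls the database credentials into the main configuration that every unit in taler-exchange.postinst loads with `-c /etc/taler-exchange.conf`, including the RSA and EdDSA helpers, yet the postinst restricts that file to `${_EUSERNAME}:${_DBGROUPNAME}` mode 0440 and adds only the httpd, wirewatch and aggregator users to the group. Either the helpers fail to parse their configuration (if an unreadable @INLINE@ is fatal — not visible here) or the credentials end up readable to processes that have no need for the database; moving the include into a configuration that only the database-using services load avoids both. A comment above the include such as `# Included file holds the DB credentials and is readable only by the DB group` would document the intent.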
@@ -22,7 +22,10 @@ db_go  db_input low taler-exchange/groupname || true  db_go -db_input medium taler-exchange/autostart || true -db_go +if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then +    . /usr/share/dbconfig-common/dpkg/config.pgsql +    dbc_go taler-exchange "$@" +fi +  db_stop diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install index d3ceccc1..a6486f38 100644 --- a/debian/taler-exchange.install +++ b/debian/taler-exchange.install @@ -1,3 +1,6 @@ -etc/taler.conf  usr/bin/  usr/lib/*/taler/*.so +debian/etc/* etc/ +debian/db/install/* usr/share/dbconfig-common/scripts/taler-exchange/install/ +debian/db/upgrade/* usr/share/dbconfig-common/scripts/taler-exchange/upgrade/ +debian/conf/* etc/taler-exchange/
\ No newline at end of file diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index cfaf04a4..8256e886 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -2,6 +2,27 @@  set -e + +apache_install() { +	mkdir -p /etc/apache2/conf-available +    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ]; +    then +	    cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf +    fi +    a2enmod proxy +    a2enmod proxy_http +    a2enmod headers +} + + +nginx_install() { +	mkdir -p /etc/nginx/conf-available +    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ]; +    then +	    cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf +    fi +} +  . /usr/share/debconf/confmodule  case "${1}" in @@ -26,16 +47,13 @@ case "${1}" in  		db_get taler-exchange/groupname  		_GROUPNAME="${RET:-taler-private}" -		db_get taler-exchange/autostart -		_AUTOSTART="${RET}" # boolean +   		db_get taler-exchange/dbgroupname +		_DBGROUPNAME="${RET:-taler-exchange-db}"  		db_stop -		CONFIG_FILE="/etc/default/taler" - -		# Read default values +		CONFIG_FILE="/etc/default/taler-exchange"  		TALER_HOME="/var/lib/taler-exchange" -		eval $(grep TALER_HOME /etc/taler.conf | tr -d '[:blank:]')  		# Creating taler group if needed  		if ! getent group ${_GROUPNAME} > /dev/null @@ -50,6 +68,7 @@ case "${1}" in  		then  			echo -n "Creating new Taler user ${_EUSERNAME}:"  			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} +            adduser ${_EUSERNAME} ${_DBGROUPNAME}  			echo " done."  		fi  		if ! getent passwd ${_RSECUSERNAME} > /dev/null 
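Review bot: `nginx_install` tests for `/etc/apache2/conf-available/taler-exchange.conf` before copying nginx.conf into /etc/nginx/conf-available, a copy-paste slip that ties the nginx copy to the state of the apache tree; the test should read `if [ ! -f /etc/nginx/conf-available/taler-exchange.conf ];`. Neither helper is called anywhere in the visible hunks, while taler-exchange.postrm reads a `taler-exchange/reconfigure-webserver` debconf value to decide which one to undo, so the call site and that template presumably live outside this patch and are worth confirming. Both helpers copy the packaged placeholder configurations straight into the live web-server configuration, which should be flagged with a comment such as `# Shipped apache.conf/nginx.conf carry placeholder hostnames; the admin must adjust them before enabling`.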
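Review bot: `adduser ${_EUSERNAME} ${_DBGROUPNAME}` adds the exchange user to the database group, but no `getent group ${_DBGROUPNAME}`/`addgroup` for that group appears anywhere in the patch, unlike the `_GROUPNAME` handling just above it; under `set -e` the first such adduser aborts the postinst on a fresh system where taler-exchange-db does not exist yet. Mirror the existing pattern before the first membership change, e.g. `if ! getent group ${_DBGROUPNAME} > /dev/null; then addgroup --quiet --system ${_DBGROUPNAME}; fi`. The unconditional `adduser ... ${_DBGROUPNAME}` lines for the wirewatch and aggregator users in hunk `@@ -68,12 +87,14 @@` share the same dependency, and all three should take `--quiet` to match the surrounding adduser calls.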
@@ -68,12 +87,14 @@ case "${1}" in  		then  			echo -n "Creating new Taler user ${_WIREUSERNAME}:"  			adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} +            adduser ${_WIREUSERNAME} ${_DBGROUPNAME}  			echo " done."  		fi  		if ! getent passwd ${_AGGRUSERNAME} > /dev/null  		then  			echo -n "Creating new Taler user ${_AGGRUSERNAME}:"  			adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} +            adduser ${_AGGRUSERNAME} ${_DBGROUPNAME}  			echo " done."  		fi @@ -92,7 +113,6 @@ TALER_ESECUSER=${_ESECUSERNAME}  TALER_WIREUSER=${_WIREUSERNAME}  TALER_AGGRUSER=${_AGGRUSERNAME}  TALER_GROUP=${_GROUPNAME} -TALER_AUTOSTART="${_AUTOSTART}"  EOF  cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF @@ -103,11 +123,11 @@ Wants=taler-exchange-wirewatch taler-exchange-aggregator taler-exchange-transfer  After=postgres.service network.target  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_EUSERNAME}  Type=simple  Restart=on-failure -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler.conf +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf  [Install]  WantedBy=multi-user.target @@ -118,11 +138,11 @@ cat > "/etc/systemd/system/taler-exchange-helper-rsa.service" <<EOF  Description=GNU Taler payment system exchange RSA security module  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_RSECUSERNAME}  Type=simple  Restart=on-failure -ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler.conf +ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler-exchange.conf  [Install]  WantedBy=multi-user.target 
@@ -132,11 +152,11 @@ cat > "/etc/systemd/system/taler-exchange-helper-eddsa.service" <<EOF  Description=GNU Taler payment system exchange EdDSA security module  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_ESECUSERNAME}  Type=simple  Restart=on-failure -ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler.conf +ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler-exchange.conf  EOF  cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF  [Unit] @@ -144,7 +164,7 @@ Description=GNU Taler payment system exchange wirewatch service  After=network.target  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_WIREUSERNAME}  Type=simple  Restart=on-failure @@ -156,7 +176,7 @@ Description=GNU Taler payment system exchange transfer service  After=network.target  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_WIREUSERNAME}  Type=simple  Restart=on-failure @@ -167,7 +187,7 @@ cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF  Description=GNU Taler payment system exchange aggregator service  [Service] -EnvironmentFile=/etc/default/taler +EnvironmentFile=/etc/default/taler-exchange  User=${_AGGRUSERNAME}  Type=simple  Restart=on-failure 
@@ -184,6 +204,40 @@ EOF          chmod 770 /var/lib/taler-exchange/tmp          chmod +s /var/lib/taler-exchange/tmp +        # Setup postgres database (needs dbconfig-pgsql package) +        if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then +            . /usr/share/dbconfig-common/dpkg/postinst.pgsql +            # dbc_dbfile_* should not apply for Postgres, but better be safe... +            dbc_dbfile_owner="${_EUSERNAME}:${_DBGROUPNAME}" +            dbc_dbfile_perms="0660" +            dbc_pgsql_createdb_encoding="UTF8" +            dbc_go taler-exchange "$@" +        fi +        # get database settings from dbconfig-common +        if [ -f /etc/dbconfig-common/taler-exchange.conf ]; then +            . /etc/dbconfig-common/taler-exchange.conf +            case "$dbc_dbtype" in +                pgsql) +                    taler-config -c /etc/taler-exchange-db.conf \ +                                 -s "exchangedb-postgres" \ +                                 -o "CONFIG" \ +                                 -V "postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname" +                    taler-config -c /etc/taler-exchange-db.conf \ +                                 -s "exchange" \ +                                 -o "DB" \ +                                 -V "postgres" +                    chown ${_EUSERNAME}:${_DBGROUPNAME} /etc/taler-exchange-db.conf +                    chmod 440 /etc/taler-exchange-db.conf +                ;; +                "") +                ;; +                *) +                    echo "Unsupported database type $dbc_type." +                    exit 1 +                    ;; +            esac +        fi +  		# Cleaning  		rm -f "${CONFIG_NEW}"  		echo "All done." diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index e2cba9d4..3843294e 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm 
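Review bot: the connection string `postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname` interpolates the dbconfig-common password without percent-encoding, so a generated password containing `@`, `/`, `:`, `#` or `%` produces a URI that parses to a different user or host, and `$dbc_dbport` is never included, so a non-default port is silently dropped. Encode the password (and append the port when set) before building the URI, or hand the components to taler-config in a key/value form if the exchange accepts one — not visible here. The error branch prints `$dbc_type`, which is never set; the variable the case dispatches on is `$dbc_dbtype`, so the line should read `echo "Unsupported database type $dbc_dbtype."`. The `"")` branch accepting an empty type is the dbconfig-no-thanks case and deserves a one-line comment saying so.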
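Review bot: the credentials are written into /etc/taler-exchange-db.conf, which this commit also installs as a package file through `debian/etc/* etc/` in taler-exchange.install, so dpkg registers it as a conffile: on the next upgrade dpkg sees a locally modified conffile and offers to overwrite it with the packaged placeholder, and the file is unpacked with its repository mode `-rw-r--r--` and stays world-readable until this postinst reaches `chmod 440`. Ship the packaged file as a template elsewhere (outside /etc, or under a different name) and have postinst create /etc/taler-exchange-db.conf with the final owner and mode before calling taler-config, e.g. under `umask 077`, so the secret is never readable to other users and never collides with conffile handling.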
@@ -15,6 +15,43 @@ pathfind() {  	return 1  } +apache_remove() { +    if [ diff /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1 ]; +    then +	    rm -f /etc/apache2/conf-available/taler-exchange.conf +    fi +} + +nginx_remove() { +    if [ diff /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf >/dev/null 2>&1 ]; +    then +	    rm -f /etc/nginx/conf-available/taler-exchange.conf +    fi +} + +if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then +    . /usr/share/dbconfig-common/dpkg/postrm.pgsql +    dbc_go taler-exchange "$@" +fi + + +if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then +	if [ -f /usr/share/debconf/confmodule ]; then +		db_version 2.0 +		db_get taler-exchange/reconfigure-webserver +		webservers="$RET" +		for webserver in $webservers; do +			webserver=${webserver%,} +			if [ "$webserver" = "nginx" ] ; then +				nginx_remove +			else +				apache_remove +			fi +		done +	fi +fi + +  case "${1}" in  	purge)  		if [ -e /usr/share/debconf/confmodule ] @@ -48,8 +85,6 @@ case "${1}" in  			_GROUPNAME="taler-private"  		fi -		TALERDNS_GROUP="talerdns" -  		if pathfind deluser  		then  			deluser --quiet --system ${_EUSERNAME} || true @@ -64,7 +99,7 @@ case "${1}" in  			delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true  		fi -		rm -rf /var/log/taler/ /var/lib/taler /etc/default/taler +		rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange  		;;  	remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff --git a/debian/taler-exchange.prerm b/debian/taler-exchange.prerm new file mode 100644 index 00000000..88a747cb --- /dev/null +++ b/debian/taler-exchange.prerm 
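Review bot: `if [ diff /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1 ];` in `apache_remove` and `nginx_remove` wraps the comparison in `[ ... ]`, so `test` receives the word `diff` and two paths and fails with a usage error (hidden by the redirection) instead of running diff; the copied web-server config is therefore never removed. Replace the test with `if cmp -s /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf; then` and the nginx equivalent. The removal block also calls `db_version` and `db_get` after only checking that /usr/share/debconf/confmodule exists, without sourcing it in the visible lines, and reads `taler-exchange/reconfigure-webserver`, a template the templates hunk does not define; confirm both are provided elsewhere, otherwise this block fails on every remove and purge.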
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+
+if [ -f /usr/share/debconf/confmodule ]; then
+    . /usr/share/debconf/confmodule
+fi
+. /usr/share/dbconfig-common/dpkg/prerm
+
+if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/prerm.pgsql
+    dbc_go taler-exchange "$@"
+fi
+
+db_stop
+exit 0
\ No newline at end of file diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates index 8cc9d1d4..43c3524e 100644 --- a/debian/taler-exchange.templates +++ b/debian/taler-exchange.templates @@ -46,7 +46,7 @@ _Description: Taler user:  Template: taler-exchange/groupname  Type: string -Default: taler +Default: taler-private  _Description: Taler group:   Please choose the group that the Taler exchange and security   modules will run as. @@ -55,10 +55,13 @@ _Description: Taler group:   Only the members of this group will have access to Taler private   online signing keys. -Template: taler-exchange/autostart -Type: boolean -Default: true -_Description: Should the Taler exchange be launched on boot? - If you choose this option, a Taler exchange will be launched each time - the system is started. Otherwise, you will need to launch - Taler each time you want to use it. + +Template: taler-exchange/dbgroupname +Type: string +Default: taler-exchange-db +_Description: Taler group: + Please choose the group that the Taler users with database access + should be in. + . + This should be a dedicated group, not one that already owns data. + Only the members of this group will have access to Taler database. | 
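Review bot: `. /usr/share/dbconfig-common/dpkg/prerm` is sourced unconditionally under `set -e`, while the confmodule and prerm.pgsql sources around it are guarded with `[ -f ... ]`; on a system where the `dbconfig-pgsql | dbconfig-no-thanks` dependency is satisfied without that file being present, the prerm aborts and the package can no longer be removed. Guard it the same way: `if [ -f /usr/share/dbconfig-common/dpkg/prerm ]; then . /usr/share/dbconfig-common/dpkg/prerm; fi`. `db_stop` at the end is only defined when confmodule was sourced, so it should move inside that guard or be written `db_stop || true`.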
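Review bot: the new `taler-exchange/dbgroupname` template reuses the short description `_Description: Taler group:` of the `taler-exchange/groupname` template directly above it, so the two prompts are indistinguishable in the debconf dialog; something like `_Description: Taler database access group:` tells the administrator which group is being asked for. The last sentence of the long description, `Only the members of this group will have access to Taler database.`, is missing an article and should read `... access to the Taler database.`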
