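#!/bin/bash
#
# Debian postinst for the taler-exchange package.
#
# On "configure" it reads the account and group names from debconf, creates
# the ones that are missing, writes /etc/default/taler-exchange and the systemd
# units of the exchange services, and sets owner and mode on the configuration
# files under /etc. The abort-* actions are accepted and do nothing.

set -e

. /usr/share/debconf/confmodule

case "${1}" in
    configure)
        db_version 2.0

        # Account and group names come from debconf; an empty answer falls
        # back to the packaged default. These values are later written
        # unescaped into a file that is parsed as shell and into unit files,
        # so they are only as trustworthy as the debconf database or preseed
        # that supplied them and must stay plain account names.
        db_get taler-exchange/eusername
        _EUSERNAME="${RET:-taler-exchange-httpd}"

        db_get taler-exchange/rsecusername
        _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"

        db_get taler-exchange/esecusername
        _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"

        db_get taler-exchange/wireusername
        _WIREUSERNAME="${RET:-taler-exchange-wire}"

        db_get taler-exchange/aggrusername
        _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"

        db_get taler-exchange/groupname
        _GROUPNAME="${RET:-taler-private}"

        db_get taler-exchange/dbgroupname
        _DBGROUPNAME="${RET:-taler-exchange-db}"

        # No debconf value is read after this point.
        db_stop

        CONFIG_FILE="/etc/default/taler-exchange"
        TALER_HOME="/var/lib/taler-exchange"

        # Creating taler groups as needed
        if ! getent group "${_GROUPNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler group ${_GROUPNAME}:"
            addgroup --quiet --system "${_GROUPNAME}"
            echo " done."
        fi
        if ! getent group "${_DBGROUPNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler group ${_DBGROUPNAME}:"
            addgroup --quiet --system "${_DBGROUPNAME}"
            echo " done."
        fi

        # Creating taler users if needed. Group membership is only granted
        # when the account is created here; an account that already exists is
        # left exactly as it is.
        if ! getent passwd "${_EUSERNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler user ${_EUSERNAME}:"
            adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/httpd" "${_EUSERNAME}"
            # --quiet matches the wire and aggregator calls below and keeps
            # adduser's own message out of the "Creating ...: done." line.
            adduser --quiet "${_EUSERNAME}" "${_DBGROUPNAME}"
            echo " done."
        fi
        if ! getent passwd "${_RSECUSERNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler user ${_RSECUSERNAME}:"
            adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-rsa" "${_RSECUSERNAME}"
            echo " done."
        fi
        if ! getent passwd "${_ESECUSERNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler user ${_ESECUSERNAME}:"
            adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-eddsa" "${_ESECUSERNAME}"
            echo " done."
        fi
        if ! getent passwd "${_WIREUSERNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler user ${_WIREUSERNAME}:"
            adduser --quiet --system --home "${TALER_HOME}/wire" "${_WIREUSERNAME}"
            adduser --quiet "${_WIREUSERNAME}" "${_DBGROUPNAME}"
            echo " done."
        fi
        if ! getent passwd "${_AGGRUSERNAME}" > /dev/null
        then
            printf '%s' "Creating new Taler user ${_AGGRUSERNAME}:"
            adduser --quiet --system --home "${TALER_HOME}/aggregator" "${_AGGRUSERNAME}"
            adduser --quiet "${_AGGRUSERNAME}" "${_DBGROUPNAME}"
            echo " done."
        fi

        # Writing new values to configuration file
        printf '%s' "Writing new configuration file:"

        # mktemp replaces the deprecated tempfile(1). The trap removes the
        # scratch file if set -e aborts the script before the explicit rm.
        CONFIG_NEW=$(mktemp)
        trap 'rm -f -- "${CONFIG_NEW}"' EXIT

        # TALER_RSECUSER used to expand ${_RESCUSERNAME}, a misspelt and
        # therefore empty variable; it now expands ${_RSECUSERNAME}.
        cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.

TALER_EUSER=${_EUSERNAME}
TALER_RSECUSER=${_RSECUSERNAME}
TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF

        # The httpd unit and the two secmod units run with PrivateTmp=no and
        # so share the host /tmp; the wirewatch, transfer and aggregator
        # units get PrivateTmp=yes.
        # NOTE(review): confirm the shared /tmp is required for these three.
        # NOTE(review): Debian's PostgreSQL unit is postgresql.service, so
        # After=postgres.service may not order anything - confirm the name.
        cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
Requires=taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
Wants=taler-exchange-wirewatch taler-exchange-aggregator taler-exchange-transfer
After=postgres.service network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF

        cat > "/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange RSA security module

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

EOF
        cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange EdDSA security module

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

EOF
        cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full


EOF
        # The transfer unit used to start taler-exchange-wirewatch a second
        # time (copied from the unit above); it now starts the transfer
        # binary that its Description names.
        cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full

EOF
        # NOTE(review): this unit reads /etc/taler.conf, a file whose owner
        # and mode this script never sets, while the other units read
        # /etc/taler-exchange.conf or /etc/taler-wire.conf - confirm the path.
        cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange aggregator service

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full


EOF

        cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
        rm -f "${CONFIG_NEW}"
        trap - EXIT
        echo " done."

        printf '%s' "Setting up system services "

        # Shared scratch directory: writable by root and the Taler group
        # only. "chmod +s" sets setuid and setgid; on Linux only the setgid
        # bit has an effect on a directory (new entries inherit its group).
        mkdir -p /var/lib/taler-exchange/tmp
        chown "root:${_GROUPNAME}" /var/lib/taler-exchange/tmp
        chmod 770 /var/lib/taler-exchange/tmp
        chmod +s /var/lib/taler-exchange/tmp

        # Restrict the configuration files to the account and group that
        # need them. Mode 460 is owner read-only, group read-write, no
        # access for others.
        # NOTE(review): 460 gives the group more rights than the owner;
        # confirm that 640 was not what was meant.
        chown "${_WIREUSERNAME}:root" /etc/taler-wire.conf
        chmod 460 /etc/taler-wire.conf
        chown "root:${_DBGROUPNAME}" /etc/taler-exchange-db.conf
        chmod 640 /etc/taler-exchange-db.conf
        chown "${_EUSERNAME}:${_GROUPNAME}" /etc/taler-exchange.conf
        # This chmod used to repeat /etc/taler-wire.conf, which left
        # /etc/taler-exchange.conf with whatever mode it was installed with.
        chmod 460 /etc/taler-exchange.conf

        systemctl daemon-reload

        echo "done."

        # Cleaning
        echo "All done."
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        echo "postinst called with unknown argument \`${1}'" >&2
        exit 1
        ;;
esac

#DEBHELPER#

exit 0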