exchange/debian/taler-exchange.postinst


#!/bin/bash
set -e
. /usr/share/debconf/confmodule
# Root directory below which every service account's home directory lives.
TALER_HOME='/var/lib/taler-exchange'
# usage: fixperm user:group perms file
#
# Applies ownership and then the permission bits to a single path.
# Arguments: $1 - owner in chown syntax (user:group)
#            $2 - mode in chmod syntax
#            $3 - path to adjust
fixperm() {
  local owner="$1" mode="$2" path="$3"
  # Ownership is set before the mode, as in every call site's expectation.
  chown "$owner" "$path"
  chmod "$mode" "$path"
}
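# usage: lncfg user home target
#
# Makes sure $TALER_HOME/<home>/.config exists, owned by the same uid/gid as
# the home directory itself, and points .config/taler.conf at <target>.
# Globals:   TALER_HOME (read)
# Arguments: $1 - account name (kept for call-site readability; not used)
#            $2 - name of the home directory below TALER_HOME
#            $3 - configuration file the symlink should point to
lncfg() {
  local home_dir="${TALER_HOME}/$2"
  local cf="${home_dir}/.config"
  local owner

  # NOTE(review): this runs as root inside a directory that presumably belongs
  # to the service account. If .config already exists as a symlink, the link
  # below is created wherever it points; confirm whether that case should be
  # refused instead of followed.
  if [ ! -e "$cf" ]; then
    mkdir -- "$cf"
    # Resolve the owner in its own step so a failing stat aborts under set -e
    # instead of handing chown a malformed "uid:gid" argument.
    owner="$(stat -L -c '%u:%g' -- "$home_dir")"
    chown -- "$owner" "$cf"
  fi

  # -n replaces an existing taler.conf link itself rather than descending into
  # whatever it currently points at.
  ln -sfn -- "$3" "$cf/taler.conf"
}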
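# Maintainer-script dispatch: "configure" creates the service accounts, writes
# the environment file and systemd units, fixes permissions and links the
# per-service configuration; the abort-* actions are no-ops.
case "${1}" in
  configure)
    # Account and group names come from debconf; an empty answer falls back to
    # the packaged default.
    # NOTE(review): these values are written verbatim into unit files and into
    # a file that describes itself as shell-parsed; nothing here validates them.
    db_version 2.0
    db_get taler-exchange/eusername
    _EUSERNAME="${RET:-taler-exchange-httpd}"
    db_get taler-exchange/rsecusername
    _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
    db_get taler-exchange/esecusername
    _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
    db_get taler-exchange/wireusername
    _WIREUSERNAME="${RET:-taler-exchange-wire}"
    db_get taler-exchange/aggrusername
    _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
    db_get taler-exchange/groupname
    _GROUPNAME="${RET:-taler-private}"
    db_get taler-exchange/dbgroupname
    _DBGROUPNAME="${RET:-taler-exchange-db}"
    db_stop

    CONFIG_FILE="/etc/default/taler-exchange"

    # Creating taler groups as needed
    if ! getent group "${_GROUPNAME}" >/dev/null; then
      echo -n "Creating new Taler group ${_GROUPNAME}:"
      addgroup --quiet --system "${_GROUPNAME}"
      echo " done."
    fi
    if ! getent group "${_DBGROUPNAME}" >/dev/null; then
      echo -n "Creating new Taler group ${_DBGROUPNAME}:"
      addgroup --quiet --system "${_DBGROUPNAME}"
      echo " done."
    fi

    # Creating taler users if needed.
    # The httpd and secmod accounts share ${_GROUPNAME}; the httpd, wire and
    # aggregator accounts are additionally placed in ${_DBGROUPNAME}.
    # Group membership is only set up when the account is first created.
    if ! getent passwd "${_EUSERNAME}" >/dev/null; then
      echo -n "Creating new Taler user ${_EUSERNAME}:"
      adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/httpd" "${_EUSERNAME}"
      adduser --quiet "${_EUSERNAME}" "${_DBGROUPNAME}"
      echo " done."
    fi
    if ! getent passwd "${_RSECUSERNAME}" >/dev/null; then
      echo -n "Creating new Taler user ${_RSECUSERNAME}:"
      adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-rsa" "${_RSECUSERNAME}"
      echo " done."
    fi
    if ! getent passwd "${_ESECUSERNAME}" >/dev/null; then
      echo -n "Creating new Taler user ${_ESECUSERNAME}:"
      adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-eddsa" "${_ESECUSERNAME}"
      echo " done."
    fi
    if ! getent passwd "${_WIREUSERNAME}" >/dev/null; then
      echo -n "Creating new Taler user ${_WIREUSERNAME}:"
      adduser --quiet --system --home "${TALER_HOME}/wire" "${_WIREUSERNAME}"
      adduser --quiet "${_WIREUSERNAME}" "${_DBGROUPNAME}"
      echo " done."
    fi
    if ! getent passwd "${_AGGRUSERNAME}" >/dev/null; then
      echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
      adduser --quiet --system --home "${TALER_HOME}/aggregator" "${_AGGRUSERNAME}"
      adduser --quiet "${_AGGRUSERNAME}" "${_DBGROUPNAME}"
      echo " done."
    fi

    # Writing new values to configuration file
    echo -n "Writing new configuration file:"
    # mktemp replaces tempfile(1), which debianutils deprecated in its favour.
    CONFIG_NEW=$(mktemp)
    cat >"${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
TALER_EUSER=${_EUSERNAME}
TALER_RSECUSER=${_RSECUSERNAME}
TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF

    # The units below are rewritten on every "configure" run, so local edits
    # to these files under /etc/systemd/system are overwritten.
    # NOTE(review): the units set PrivateDevices/ProtectSystem only; further
    # sandboxing (e.g. NoNewPrivileges=yes, ProtectHome=yes) would have to be
    # tested against what each service needs.

    # Listening socket: connectable only by the exchange user and the
    # www-data group (mode 0660).
    cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
[Unit]
Description=Taler Exchange Socket
PartOf=taler-exchange-httpd.service
[Socket]
ListenStream=/var/lib/taler-exchange/exchange.sock
Accept=no
Service=taler-exchange-httpd.service
SocketUser=${_EUSERNAME}
SocketGroup=www-data
SocketMode=0660
[Install]
WantedBy=sockets.target
EOF

    # NOTE(review): Debian's PostgreSQL unit is named postgresql.service; if
    # "postgres.service" does not exist the After= ordering on it has no
    # effect. Confirm the intended unit name.
    cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
AssertPathExists=/var/lib/taler-exchange/
Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
After=postgres.service network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
[Install]
WantedBy=multi-user.target
EOF

    cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange RSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF

    cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange EdDSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF

    cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF

    # The transfer unit used to start taler-exchange-wirewatch, a copy of the
    # unit above, so the transfer service itself never ran. It now starts
    # taler-exchange-transfer; confirm the binary is installed in /usr/bin.
    cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF

    cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange aggregator service
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF

    cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
    rm -f "${CONFIG_NEW}"
    echo " done."

    echo -n "Setting up system services "
    mkdir -p /var/lib/taler-exchange/tmp
    fixperm "root:${_GROUPNAME}" 770 /var/lib/taler-exchange/tmp
    # "+s" sets both the set-uid and set-gid bits; on a Linux directory only
    # set-gid has an effect (new entries inherit the directory's group).
    chmod +s /var/lib/taler-exchange/tmp
    # Wire gateway settings: read-only for the wire account, read/write for
    # group root, nothing for others.
    fixperm "${_WIREUSERNAME}:root" 460 /etc/taler/exchange-wire-gateway.conf
    # Database settings: readable only by root and members of the DB group.
    fixperm "root:${_DBGROUPNAME}" 640 /etc/taler/exchange-db.conf

    # Best effort: systemd may not be running (e.g. in a chroot).
    systemctl daemon-reload >/dev/null 2>&1 || true
    echo "done."

    echo -n "Linking config files"
    lncfg "${_EUSERNAME}" httpd /etc/taler/exchange-service-default.conf
    lncfg "${_RSECUSERNAME}" secmod-rsa /etc/taler/exchange-service-default.conf
    lncfg "${_ESECUSERNAME}" secmod-eddsa /etc/taler/exchange-service-default.conf
    lncfg "${_AGGRUSERNAME}" aggregator /etc/taler/exchange-service-default.conf
    lncfg "${_WIREUSERNAME}" wire /etc/taler/exchange-service-wire.conf
    echo " done"

    # Cleaning
    echo "All done."
    ;;

  abort-upgrade | abort-remove | abort-deconfigure) ;;

  *)
    echo "postinst called with unknown argument \`${1}'" >&2
    exit 1
    ;;
esac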
#DEBHELPER#
exit 0