From 294730cf014e3ce74f16d886516e8fc02df3bd18 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 18 Apr 2021 02:21:03 +0200 Subject: [PATCH] fix #6769, plus some related configuration issues and better documentation --- debian/changelog | 6 ++++++ debian/etc/taler-exchange.conf | 28 +++++++++++++++++++--------- debian/etc/taler-wire.conf | 4 ++-- debian/taler-exchange.README.Debian | 18 +++++++++++------- debian/taler-exchange.postinst | 29 +++++++++++++++++++++++++---- debian/taler-exchange.postrm | 1 + src/exchange/taler-exchange-httpd.c | 6 ++++-- 7 files changed, 68 insertions(+), 24 deletions(-) diff --git a/debian/changelog b/debian/changelog index 84d399c14..f2c8d98d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +taler-exchange (0.9.0-9) unstable; urgency=low + + * Fix #6769: have systemd create exchange UNIX domain socket with nice permissions. + + -- Christian Grothoff Sun, 18 Apr 2021 13:02:10 +0100 + taler-exchange (0.9.0-8) unstable; urgency=low * Fix minor memory leak. diff --git a/debian/etc/taler-exchange.conf b/debian/etc/taler-exchange.conf index b9eba1651..34af223d2 100644 --- a/debian/etc/taler-exchange.conf +++ b/debian/etc/taler-exchange.conf @@ -1,8 +1,12 @@ -# First line should be: "INLINE@ /etc/taler-exchange-db.conf" -@INLINE@ /etc/taler-exchange-db.conf +# First line should be: "INLINE@ taler-exchange-db.conf" +# 2nd line should be: "INLINE@ taler-secmod.conf" +@INLINE@ taler-exchange-db.conf +@INLINE@ taler-secmod.conf # Do not edit this file using 'taler-config', otherwise the line # above will be lost! - +# +# Please read the taler-exchange.README.Debian for how to configure a Taler exchange. +# [PATHS] 
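Review bot: The kept warning `# Do not edit this file using 'taler-config', otherwise the line above will be lost!` in debian/etc/taler-exchange.conf still speaks of one line, while this hunk makes it two `@INLINE@` directives. If the second one were lost, the settings from taler-secmod.conf would presumably drop out of the exchange's configuration without any error. Reword the comment to end with `otherwise the two @INLINE@ lines above will be lost!`. The change from `/etc/taler-exchange-db.conf` to a bare `taler-exchange-db.conf` makes the include depend on how the loader resolves relative paths, which is not visible here; a one-line comment naming the base directory would help.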
@@ -19,10 +23,16 @@ UNIXPATH = /var/lib/taler-exchange/exchange.sock # Only supported database is Postgres right now. DATABASE = postgres -[taler] -# Here you need to set the currency of your exchange: -# CURRENCY = KUDOS +# Here you MUST add the master public key of the offline system +# which you can get using `taler-exchange-offline setup`. +# This is just an example, your key will be different! +# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG +MASTER_PUBLIC_KEY = -[coin_FOO] -# You must specify the various denominations to be offered by your exchange -# in sections called "coin_". +# For your terms of service and privacy policy, you should specify +# an Etag that must be updated whenever there are significant +# changes to either document. The format is up to you, what matters +# is that the value is updated and never re-used. See the HTTP +# specification on Etags. +# TERMS_ETAG = +# PRIVACY_ETAG = diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf index 02c5993f9..d0484381a 100644 --- a/debian/etc/taler-wire.conf +++ b/debian/etc/taler-wire.conf @@ -1,5 +1,5 @@ -# First line should be: "INLINE@ /etc/taler-exchange-db.conf" -@INLINE@ /etc/taler-exchange-db.conf +# First line should be: "INLINE@ taler-exchange-db.conf" +@INLINE@ taler-exchange-db.conf # Do not edit this file using 'taler-config', otherwise the line # above will be lost! diff --git a/debian/taler-exchange.README.Debian b/debian/taler-exchange.README.Debian index def3ddc9d..cce5d9ffb 100644 --- a/debian/taler-exchange.README.Debian +++ b/debian/taler-exchange.README.Debian 
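Review bot: `MASTER_PUBLIC_KEY =` is shipped uncommented and empty in this hunk, so what the exchange does with an empty master key is decided by code that is not visible here. It should refuse to start rather than run without its trust anchor, and the comment should say so, e.g. `# The exchange will not start until MASTER_PUBLIC_KEY is set.` (confirm that this is the actual behaviour first). The commented example is a well-formed key, so an operator who only removes the `#` configures a master key whose private half they do not hold; an obviously invalid placeholder such as `# MASTER_PUBLIC_KEY = PASTE-KEY-FROM-taler-exchange-offline-setup` avoids that. The hunk also removes the `[taler]`/`CURRENCY` and `[coin_...]` hints without saying where they moved; the README hunk names /etc/taler-secmod.conf, which is worth repeating here in one comment line.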
@@ -6,10 +6,14 @@ exchange with this minimal template. You must: * Configure the Postgres database for the exchange, ideally including remote replication of the database to the auditor. -* Run taler-exchange-dbinit (also after package upgrades). -* Edit /etc/taler-exchange.conf to must setup the currency and denominations +* Run `taler-exchange-dbinit` (also after package upgrades). +* Edit ``/etc/taler-secmod.conf`` to must setup the currency and denominations details. -* Edit /etc/taler-wire.conf to provide details about the bank account access. +* Edit `/etc/taler-wire.conf` to provide details about the bank account access. +* Run `taler-exchange-offline setup` on your offline system and add + the resulting master public key into the ``[exchange]`` section of + ``/etc/taler-exchange.conf`` under ``MASTER_PUBLIC_KEY``. + None of these are done by the Debian package because we cannot provide the required complete configuration details. @@ -18,13 +22,13 @@ required complete configuration details. Once you have done this, you can use the following commands to start, stop or restart the Taler exchange: - # systemctl start taler-exchange - # systemctl stop taler-exchange - # systemctl restart taler-exchange + # systemctl start taler-exchange-httpd.service + # systemctl stop taler-exchange-httpd.service + # systemctl restart taler-exchange-httpd.service To permanently the exchange whenever the system boots, use: - # systemctl enable taler-exchange + # systemctl enable taler-exchange-httpd -- Christian Grothoff Mon 28 Dec 2020 11:37:14 AM CET diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index b09550e51..72f8f6c5d 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -101,11 +101,29 @@ TALER_AGGRUSER=${_AGGRUSERNAME} TALER_GROUP=${_GROUPNAME} EOF +cat > "/etc/systemd/system/taler-exchange-httpd.socket" < "/etc/systemd/system/taler-exchange-httpd.service" </dev/null 2>&1 || true + echo "done." # Cleaning 
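Review bot: The bodies of the two generated units in debian/taler-exchange.postinst are missing from the hunk text on this page (nothing follows `cat > "/etc/systemd/system/taler-exchange-httpd.socket"` where the here-document should be), so the socket's access mode cannot be checked here. The thing to confirm in the `.socket` unit is that `SocketMode=`, `SocketUser=` and `SocketGroup=` are set explicitly, because systemd's default `SocketMode` is 0666 and this UNIX socket is the exchange's request entry point. Separately, writing with `cat >` into /etc/systemd/system on every configure run overwrites local administrator changes to these units. Shipping them under /lib/systemd/system, or adding a header comment in the generated files such as `# Generated by taler-exchange.postinst; put local changes in a drop-in directory`, would make that explicit. The trailing `>/dev/null 2>&1 || true` hides failures of whatever command it belongs to, which is also cut off here.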
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index 8a5a007b9..5cefa5bc5 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm @@ -57,6 +57,7 @@ case "${1}" in fi rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange + rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 917b686e0..a0e9de8a4 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -1729,8 +1729,8 @@ main (int argc, if ( (-1 == flags) && (EBADF == errno) ) { - fprintf (stderr, - "Bad listen socket passed, ignored\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Bad listen socket passed, ignored\n"); fh = -1; } flags |= FD_CLOEXEC; @@ -1740,6 +1740,8 @@ main (int argc, flags)) ) GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "fcntl"); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Successfully obtained listen socket from hypervisor\n"); } /* initialize #internal_key_state with an RC of 1 */
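Review bot: Nothing visible in the debian/taler-exchange.postrm hunk removes `/etc/systemd/system/taler-exchange-httpd.socket` and `/etc/systemd/system/taler-exchange-httpd.service`, which the postinst in this same commit generates, so a purged package may leave a socket unit behind. The added `rm -f` covers only the three conf files. If the rest of the purge branch (outside the hunk) does not already handle it, add `rm -f /etc/systemd/system/taler-exchange-httpd.socket /etc/systemd/system/taler-exchange-httpd.service` followed by `systemctl daemon-reload`. `/etc/taler-secmod.conf`, which the README now tells operators to edit, is also not in the list; that is fine only if another package owns it.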
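Review bot: The added INFO message "Successfully obtained listen socket from hypervisor" in src/exchange/taler-exchange-httpd.c is, as far as the second hunk shows, logged unconditionally at the end of the block, so it also appears after `fh = -1` was set for a bad descriptor or after the `fcntl` error was logged. Guard it, e.g. `if (-1 != fh) GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Successfully obtained listen socket from service manager\n");`; "hypervisor" is also the wrong word if the descriptor comes from systemd socket activation, as the changelog entry suggests. Indentation is lost on this page and the enclosing block of `main` starts outside the hunk, so confirm the nesting before changing it. In the context lines, `flags |= FD_CLOEXEC` is still applied when `flags` is -1 with an errno other than EBADF; treating any `-1 == flags` as a rejected descriptor would be cleaner.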