taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

debian: revise maintainer scripts and service files

Browse Source
This commit is contained in:
Florian Dold 2021-07-26 14:18:02 +02:00
parent a06a6a22ea
commit 5430dc3418
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
21 changed files with 280 additions and 500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
taler-exchange (0.9.0-15) unstable; urgency=low
* New Taler amount operations (set zero, ...) added.
* New configuration file structure
* New taler-exchange-offline package
-- Florian Dold <dold@taler.net> Mon, 26 Jul 2021 11:21:39 +0200
taler-exchange (0.9.0-14) unstable; urgency=low
* Expose additional symbols needed in merchant logic.

21
debian/control vendored
View File

@ -44,7 +44,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
Description: libraries to talk to a GNU Taler exchange.
Description: libraries to talk to a GNU Taler exchange
Package: taler-exchange-database
Architecture: any
@ -55,7 +55,7 @@ Depends:
netbase,
${misc:Depends},
${shlibs:Depends}
Description: programs and libraries to manage a GNU Taler exchange database.
Description: programs and libraries to manage a GNU Taler exchange database
Package: taler-exchange
Architecture: any
@ -71,7 +71,20 @@ Depends:
dbconfig-pgsql | dbconfig-no-thanks,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system operator.
Description: GNU's payment system operator
Package: taler-exchange-offline
Architecture: any
Pre-Depends:
${misc:Pre-Depends}
Depends:
libtalerexchange (= ${binary:Version}),
adduser,
lsb-base,
netbase,
${misc:Depends},
${shlibs:Depends}
Description: tools for managing the GNU Taler exchange offline keys
Package: taler-auditor
Architecture: any
@ -87,7 +100,7 @@ Depends:
python3-jinja2,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system auditor.
Description: GNU's payment system auditor
Package: libtalerexchange-dev
Section: libdevel

8
debian/etc/taler/exchange-offline.conf vendored Normal file
View File

@ -0,0 +1,8 @@
# This configuration file is the entry point for the offline key management.
#
# It includes other configuration files, which are applied on top of the
# read-only base configuration (typically in /usr/share/taler/config.d/).
# This file should be identical to the business configuration of the running
# online exchange
@INLINE@ exchange-business.conf

1
debian/libtalerexchange.install vendored
View File

@ -3,3 +3,4 @@ usr/lib/*/libtaler*
usr/share/taler/config.d/paths.conf
usr/share/taler/config.d/taler.conf
usr/share/man/man5/taler.conf.5
usr/share/man/man1/taler-config*

107
debian/taler-auditor.postinst vendored
View File

@ -4,90 +4,35 @@ set -e
. /usr/share/debconf/confmodule
CONFIG_FILE="/etc/default/taler-auditor"
TALER_HOME="/var/lib/taler-auditor"
_USERNAME=taler-auditor-httpd
_GROUPNAME=taler-auditor-httpd
case "${1}" in
configure)
db_version 2.0
configure)
# Creating taler groups as needed
if ! getent group ${_GROUPNAME} >/dev/null; then
echo -n "Creating new Taler group ${_GROUPNAME} ..."
addgroup --quiet --system ${_GROUPNAME}
echo " done."
fi
# Creating taler users if needed
if ! getent passwd ${_USERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_USERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
echo " done."
fi
db_get taler-auditor/username
_USERNAME="${RET:-taler-auditor-httpd}"
# Cleaning
echo "All done."
;;
db_get taler-auditor/groupname
_GROUPNAME="${RET:-taler-auditor-httpd}"
db_stop
CONFIG_FILE="/etc/default/taler-auditor"
TALER_HOME="/var/lib/taler-auditor"
# Creating taler groups as needed
if ! getent group ${_GROUPNAME} > /dev/null
then
echo -n "Creating new Taler group ${_GROUPNAME}:"
addgroup --quiet --system ${_GROUPNAME}
echo " done."
fi
# Creating taler users if needed
if ! getent passwd ${_USERNAME} > /dev/null
then
echo -n "Creating new Taler user ${_USERNAME}:"
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
echo " done."
fi
# Writing new values to configuration file
echo -n "Writing new configuration file:"
CONFIG_NEW=$(tempfile)
cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
TALER_USER=${_USERNAME}
TALER_GROUP=${_GROUPNAME}
EOF
cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system auditor REST API
After=postgres.service network.target
[Service]
EnvironmentFile=/etc/default/taler-auditor
User=${_USERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
[Install]
WantedBy=multi-user.target
EOF
cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
rm -f "${CONFIG_NEW}"
echo " done."
echo -n "Setting up system services "
mkdir -p /var/lib/taler-auditor/tmp
chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
chmod 770 /var/lib/taler-auditor/tmp
chmod +s /var/lib/taler-auditor/tmp
systemctl daemon-reload
echo "done."
# Cleaning
echo "All done."
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`${1}'" >&2
exit 1
;;
abort-upgrade | abort-remove | abort-deconfigure) ;;
*)
echo "postinst called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#

55
debian/taler-auditor.postrm vendored
View File

@ -2,55 +2,20 @@
set -e
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
if [ -f /usr/share/debconf/confmodule ];
then
. /usr/share/debconf/confmodule
if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
case "${1}" in
purge)
db_version 2.0
purge)
rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
;;
db_get taler-auditor/username
_USERNAME="${RET:-taler-auditor-httpd}"
db_get taler-auditor/groupname
_GROUPNAME="${RET:-taler-auditor-httpd}"
if pathfind deluser
then
deluser --quiet --system ${_USERNAME} || true
fi
if pathfind delgroup
then
delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
fi
rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
*)
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#

13
debian/taler-auditor.taler-auditor-httpd.service vendored Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=GNU Taler payment system auditor REST API
After=postgres.service network.target
[Service]
EnvironmentFile=/etc/default/taler-auditor
User=taler-auditor-httpd
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
[Install]
WantedBy=multi-user.target

16
debian/taler-auditor.templates vendored
View File

@ -1,16 +0,0 @@
Template: taler-auditor/username
Type: string
Default: taler-auditor-httpd
_Description: Taler user:
Please choose the user that the taler-auditor-httpd process will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-auditor/groupname
Type: string
Default: taler-auditor-httpd
_Description: Taler group:
Please choose the group that the taler-auditor-httpd will run as.
.
This should be a dedicated group, not one that already owns data.

14
debian/taler-exchange-httpd.taler-exchange-aggregator.service vendored Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-aggregator
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full

21
debian/taler-exchange-httpd.taler-exchange-httpd.service vendored Normal file
View File

@ -0,0 +1,21 @@
[Unit]
Description=GNU Taler payment system exchange REST API
AssertPathExists=/var/lib/taler-exchange/
Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
After=postgres.service network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-httpd
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
[Install]
WantedBy=multi-user.target

14
debian/taler-exchange-httpd.taler-exchange-secmod-eddsa.service vendored Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=GNU Taler payment system exchange EdDSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-secmod-eddsa
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

14
debian/taler-exchange-httpd.taler-exchange-secmod-rsa.service vendored Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=GNU Taler payment system exchange RSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-secmod-rsa
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

15
debian/taler-exchange-httpd.taler-exchange-transfer.service vendored Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-wire
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full

15
debian/taler-exchange-httpd.taler-exchange-wirewatch.service vendored Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=taler-exchange-wire
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full

5
debian/taler-exchange-offline.install vendored Normal file
View File

@ -0,0 +1,5 @@
usr/bin/taler-exchange-offline
usr/share/man/man1/taler-exchange-offline
# configuration files in /etc/taler
debian/etc/taler/exchange-offline.conf etc/taler/

42
debian/taler-exchange-offline.postinst vendored Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
set -e
. /usr/share/debconf/confmodule
TALEROFF_HOME="/var/lib/taler-exchange-offline"
# usage: lncfg user home target
function lncfg() {
local cf=$TALER_HOME/$2/.config
if [ ! -e $cf ]; then
mkdir $cf
chown $(stat -L -c %u $TALER_HOME/$2):$(stat -L -c %g $TALER_HOME/$2) $cf
fi
ln -sf $3 $cf/taler.conf
}
case "${1}" in
configure)
addgroup --quiet --system taler-exchange-offline
adduser --quiet --system --ingroup taler-exchange-offline --home ${TALEROFF_HOME}/httpd taler-exchange-offline
lncfg taler-exchange-offline taler-exchange-offline /etc/taler/exchange-offline.conf
# Cleaning
echo "All done."
;;
abort-upgrade | abort-remove | abort-deconfigure) ;;
*)
echo "postinst called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

25
debian/taler-exchange.config vendored
View File

@ -1,25 +0,0 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
db_input low taler-exchange/eusername || true
db_go
db_input low taler-exchange/rsecusername || true
db_go
db_input low taler-exchange/esecusername || true
db_go
db_input low taler-exchange/wireusername || true
db_go
db_input low taler-exchange/aggrusername || true
db_go
db_input low taler-exchange/groupname || true
db_go
db_stop

33
debian/taler-exchange.install vendored
View File

@ -1,17 +1,42 @@
usr/bin/taler-exchange-*
usr/bin/taler-exchange-aggregator
usr/bin/taler-exchange-benchmark
usr/bin/taler-exchange-closer
usr/bin/taler-exchange-dbinit
usr/bin/taler-exchange-httpd
usr/bin/taler-exchange-secmod-eddsa
usr/bin/taler-exchange-secmod-rsa
usr/bin/taler-exchange-transfer
usr/bin/taler-exchange-wirewatch
usr/bin/taler-bank-benchmark
usr/bin/taler-bank-manage-testing
usr/bin/taler-fakebank-run
usr/bin/taler-nexus-prepare
usr/bin/taler-wire-gateway-client
usr/share/man/man1/taler-exchange*
usr/share/man/man1/taler-exchange-aggregator
usr/share/man/man1/taler-exchange-benchmark
usr/share/man/man1/taler-exchange-closer
usr/share/man/man1/taler-exchange-dbinit
usr/share/man/man1/taler-exchange-httpd
usr/share/man/man1/taler-exchange-secmod-eddsa
usr/share/man/man1/taler-exchange-secmod-rsa
usr/share/man/man1/taler-exchange-transfer
usr/share/man/man1/taler-exchange-wirewatch
usr/share/man/man1/taler-bank*
usr/share/man/man1/taler-config*
usr/share/man/man1/taler-wire*
usr/share/info/taler-bank*
usr/share/info/taler-exchange*
usr/share/taler/config.d/*
debian/etc/taler/exchange* etc/taler/
# configuration files in /etc/taler
debian/etc/taler/exchange-business.conf etc/taler/
debian/etc/taler/exchange-db.conf etc/taler/
debian/etc/taler/exchange-service-default.conf etc/taler/
debian/etc/taler/exchange-service-wire.conf etc/taler/
debian/etc/taler/exchange-system.conf etc/taler
debian/etc/taler/exchange-wire-gateway.conf etc/taler/
# sample config files
debian/exchange-conf/* usr/share/taler/sample-configs/
usr/share/taler-exchange/pp/*/*
usr/share/taler-exchange/tos/*/*

214
debian/taler-exchange.postinst vendored
View File

@ -5,6 +5,14 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler-exchange"
CONFIG_FILE="/etc/default/taler-exchange"
_GROUPNAME=taler-exchange-secmod
_DBGROUPNAME=taler-exchange-db
_EUSERNAME=taler-exchange-httpd
_RSECUSERNAME=taler-exchange-secmod-rsa
_ESECUSERNAME=taler-exchange-secmod-rsa
_AGGRUSERNAME=taler-exchange-aggregator
_WIREUSERNAME=taler-exchange-wire
# usage: fixperm user:group perms file
function fixperm() {
@ -24,240 +32,52 @@ function lncfg() {
case "${1}" in
configure)
db_version 2.0
db_get taler-exchange/eusername
_EUSERNAME="${RET:-taler-exchange-httpd}"
db_get taler-exchange/rsecusername
_RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
db_get taler-exchange/esecusername
_ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
db_get taler-exchange/wireusername
_WIREUSERNAME="${RET:-taler-exchange-wire}"
db_get taler-exchange/aggrusername
_AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
db_get taler-exchange/groupname
_GROUPNAME="${RET:-taler-private}"
db_get taler-exchange/dbgroupname
_DBGROUPNAME="${RET:-taler-exchange-db}"
db_stop
CONFIG_FILE="/etc/default/taler-exchange"
# Creating taler groups as needed
# Create taler groups as needed
if ! getent group ${_GROUPNAME} >/dev/null; then
echo -n "Creating new Taler group ${_GROUPNAME}:"
echo -n "Creating new Taler group ${_GROUPNAME} ..."
addgroup --quiet --system ${_GROUPNAME}
echo " done."
fi
if ! getent group ${_DBGROUPNAME} >/dev/null; then
echo -n "Creating new Taler group ${_DBGROUPNAME}:"
echo -n "Creating new Taler group ${_DBGROUPNAME} ..."
addgroup --quiet --system ${_DBGROUPNAME}
echo " done."
fi
# Creating taler users if needed
# Create taler users if needed
if ! getent passwd ${_EUSERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_EUSERNAME}:"
echo -n "Creating new Taler user ${_EUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
adduser ${_EUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_RSECUSERNAME}:"
echo -n "Creating new Taler user ${_RSECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
echo " done."
fi
if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_ESECUSERNAME}:"
echo -n "Creating new Taler user ${_ESECUSERNAME} ..."
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
echo " done."
fi
if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_WIREUSERNAME}:"
echo -n "Creating new Taler user ${_WIREUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
echo -n "Creating new Taler user ${_AGGRUSERNAME} ..."
adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
# Writing new values to configuration file
echo -n "Writing new configuration file:"
CONFIG_NEW=$(tempfile)
cat >"${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
TALER_EUSER=${_EUSERNAME}
TALER_RSECUSER=${_RSECUSERNAME}
TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF
cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
[Unit]
Description=Taler Exchange Socket
PartOf=taler-exchange-httpd.service
[Socket]
ListenStream=/var/lib/taler-exchange/exchange.sock
Accept=no
Service=taler-exchange-httpd.service
SocketUser=${_EUSERNAME}
SocketGroup=www-data
SocketMode=0660
[Install]
WantedBy=sockets.target
EOF
cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
AssertPathExists=/var/lib/taler-exchange/
Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
After=postgres.service network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
[Install]
WantedBy=multi-user.target
EOF
cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange RSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF
cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange EdDSA security module
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF
cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF
cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF
cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange aggregator service
[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF
cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
rm -f "${CONFIG_NEW}"
echo " done."
echo -n "Setting up system services "
mkdir -p /var/lib/taler-exchange/tmp
fixperm root:${_GROUPNAME} 770 /var/lib/taler-exchange/tmp
chmod +s /var/lib/taler-exchange/tmp
fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
systemctl daemon-reload >/dev/null 2>&1 || true
echo "done."
echo -n "Linking config files"
lncfg ${_EUSERNAME} httpd /etc/taler/exchange-service-default.conf
lncfg ${_RSECUSERNAME} secmod-rsa /etc/taler/exchange-service-default.conf

72
debian/taler-exchange.postrm vendored
View File

@ -2,72 +2,22 @@
set -e
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
if [ -f /usr/share/debconf/confmodule ];
then
. /usr/share/debconf/confmodule
if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
case "${1}" in
purge)
db_version 2.0
purge)
rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf
;;
db_get taler-exchange/eusername
_EUSERNAME="${RET:-taler-exchange-httpd}"
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
db_get taler-exchange/rsecusername
_RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
db_get taler-exchange/esecusername
_ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
db_get taler-exchange/wireusername
_WIREUSERNAME="${RET:-taler-exchange-wire}"
db_get taler-exchange/aggrusername
_AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
db_get taler-exchange/groupname
_GROUPNAME="${RET:-taler-private}"
if pathfind deluser
then
deluser --quiet --system ${_EUSERNAME} || true
deluser --quiet --system ${_RSECUSERNAME} || true
deluser --quiet --system ${_ESECUSERNAME} || true
deluser --quiet --system ${_WIREUSERNAME} || true
deluser --quiet --system ${_AGGRUSERNAME} || true
fi
if pathfind delgroup
then
delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
fi
rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf /etc/taler-exchange.conf
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
*)
echo "postrm called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#

67
debian/taler-exchange.templates vendored
View File

@ -1,67 +0,0 @@
Template: taler-exchange/eusername
Type: string
Default: taler-exchange-httpd
_Description: Taler user:
Please choose the user that the taler-exchange-httpd process will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-exchange/rsecusername
Type: string
Default: taler-exchange-secmod-rsa
_Description: Taler user:
Please choose the user that the taler-exchange-secmod-rsa process will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-exchange/esecusername
Type: string
Default: taler-exchange-secmod-eddsa
_Description: Taler user:
Please choose the user that the taler-exchange-secmod-eddsa process will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-exchange/wireusername
Type: string
Default: taler-exchange-wire
_Description: Taler user:
Please choose the user that the taler-exchange-transfer and
taler-exchange-wirewatch processes will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-exchange/aggrusername
Type: string
Default: taler-exchange-aggregator
_Description: Taler user:
Please choose the user that the taler-exchange-aggregator process will run as.
.
This should be a dedicated account. If the specified account does not
already exist, it will automatically be created, with no login shell.
Template: taler-exchange/groupname
Type: string
Default: taler-private
_Description: Taler group:
Please choose the group that the Taler exchange and security
modules will run as.
.
This should be a dedicated group, not one that already owns data.
Only the members of this group will have access to Taler private
online signing keys.
Template: taler-exchange/dbgroupname
Type: string
Default: taler-exchange-db
_Description: Taler group:
Please choose the group that the Taler users with database access
should be in.
.
This should be a dedicated group, not one that already owns data.
Only the members of this group will have access to Taler database.