diff --git a/debian/etc/taler/exchange-system.conf b/debian/etc/taler/exchange-system.conf
index bdf53fce7..2b7f34304 100644
--- a/debian/etc/taler/exchange-system.conf
+++ b/debian/etc/taler/exchange-system.conf
@@ -6,14 +6,15 @@
 [PATHS]
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+TALER_RUNTIME_DIR = /run/taler-exchange-private
 [exchange]
 # Debian package is configured to use a reverse proxy with a UNIX
 # domain socket. See nginx/apache configuration files.
+#
+# FIXME: This should be set to something like "NONE"
+# since systemd creates the socket for us.
 SERVE = UNIX
 UNIXPATH = /var/lib/taler-exchange/exchange.sock
diff --git a/debian/taler-exchange.taler-exchange-httpd.service b/debian/taler-exchange.taler-exchange-httpd.service
index 3bfc895d5..6b902da60 100644
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange REST API
-AssertPathExists=/var/lib/taler-exchange/
-Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
+Requires=taler-exchange-rundir.service taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
 Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
 After=postgres.service network.target
diff --git a/debian/taler-exchange.taler-exchange-rundir.service b/debian/taler-exchange.taler-exchange-rundir.service
new file mode 100644
index 000000000..c42392945
--- /dev/null
+++ b/debian/taler-exchange.taler-exchange-rundir.service
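Review bot: In exchange-system.conf the new `TALER_RUNTIME_DIR = /run/taler-exchange-private` line drops the comment that gave the access-control reason for moving the directory, and nothing in the file says who creates the new path. I would put a comment above it such as `# Created by taler-exchange-rundir.service; meant to be reachable only by the taler-exchange-private group.` The FIXME added under `[exchange]` leaves `UNIXPATH` under /var/lib/taler-exchange/, so the socket and the runtime data now sit in different trees; the comment should say whether that is intended.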
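Review bot: In taler-exchange-httpd.service the added `Requires=taler-exchange-rundir.service` pulls the new unit in but does not order it, and the `After=` line still lists only `postgres.service network.target`, so systemd may start the httpd before the oneshot has created /run/taler-exchange-private. The line should read `After=taler-exchange-rundir.service postgres.service network.target`. The secmod-eddsa and secmod-rsa hunks have the same gap: their `[Unit]` sections gain `Requires=` with no `After=` at all, and each needs `After=taler-exchange-rundir.service`.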
@@ -0,0 +1,14 @@
+[Unit]
+Description=Private runtime directory for the GNU Taler exchange
+
+[Service]
+# We just want to create the run directory
+Type=oneshot
+RuntimeDirectory=taler-exchange-private
+User=root
+Group=taler-exchange-private
+ExecStart=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
index 569aaed89..a6e59f6ae 100644
--- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange EdDSA security module
+Requires=taler-exchange-rundir.service
 [Service]
 User=taler-exchange-secmod-eddsa
diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service b/debian/taler-exchange.taler-exchange-secmod-rsa.service
index fa1c263ae..b0c6d414b 100644
--- a/debian/taler-exchange.taler-exchange-secmod-rsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange RSA security module
+Requires=taler-exchange-rundir.service
 [Service]
 User=taler-exchange-secmod-rsa
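Review bot: In the new taler-exchange-rundir.service, `RuntimeDirectory=taler-exchange-private` is created with systemd's default mode 0755 because no `RuntimeDirectoryMode=` is set, so despite the name any local user can enter and list /run/taler-exchange-private. Set the mode explicitly, for example `RuntimeDirectoryMode=0750`. With `User=root` and `Group=taler-exchange-private` the group has no write access under either mode, so if the security modules (which run as their own users) must create sockets or files there it would need to be `0770`; this diff does not show which is intended. The unit also depends on the `taler-exchange-private` group already existing, and the package scripts that would create it are not part of this diff.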