work on Debian package: extend pre-configuration, add reverse proxy setup logic, add database setup logic (untested)

Christian Grothoff 2021-01-01 20:43:59 +01:00
parent cd9220b187
commit 90d4bc9519
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
14 changed files with 172 additions and 30 deletions

4
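--- a/debian/conf/apache.conf
+++ b/debian/conf/apache.conf
@@ -0,0 +1,4 @@
+<Location "/taler-exchange/">
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>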
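Review bot: `RequestHeader add "X-Forwarded-Proto" "https"` both hardcodes the scheme and uses `add`, so a client-supplied X-Forwarded-Proto header is passed through next to the fixed value and, if the snippet is ever enabled on a plain-HTTP vhost, the exchange is told the client used TLS; `RequestHeader set X-Forwarded-Proto "expr=%{REQUEST_SCHEME}"` overrides whatever the client sent and reflects the actual request scheme. The ProxyPass target `http://example.com/` is a placeholder the administrator must edit, which deserves a leading comment in the file saying so, e.g. `# Replace example.com with the public hostname of this exchange before enabling.` The same hardcoded `"https"` appears in debian/conf/nginx.conf.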

7
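--- a/debian/conf/nginx.conf
+++ b/debian/conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Host "example.com";
+proxy_set_header X-Forwarded-Proto "https";
+}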
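Review bot: `proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;` has no URI part, so nginx forwards the request with its `/taler-exchange/` prefix intact, whereas the Apache rule in the same commit (`ProxyPass ... |http://example.com/`) strips the prefix; if the exchange expects to be served at `/`, as the Apache snippet implies, this should be `proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock:/;`. `proxy_set_header X-Forwarded-Host "example.com";` ships a wrong default the administrator has to notice and replace; `$host` would match the Host header already forwarded on the line above. The file holds a bare `location` block with no enclosing `server`, so it is only valid when included from inside a server block; a leading comment stating that, and where the postinst copies the file, would help whoever enables it.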

1
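--- a/debian/control
+++ b/debian/control
@@ -54,6 +54,7 @@ Depends:
 adduser,
 lsb-base,
 netbase,
+dbconfig-pgsql | dbconfig-no-thanks,
 python3-jinja2,
 ${misc:Depends},
 ${shlibs:Depends}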

2
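--- a/debian/db/install/pgsql
+++ b/debian/db/install/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf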
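Review bot: `taler-exchange-dbinit -c /etc/taler.conf` points at the old configuration path; the rest of this commit drops etc/taler.conf from the install list and switches the systemd units to /etc/taler-exchange.conf, so this dbconfig-common install hook will most likely run against a file that is no longer shipped. The identical line is in debian/db/upgrade/pgsql. Both should read `taler-exchange-dbinit -c /etc/taler-exchange.conf`, and a one-line comment such as `# Invoked by dbconfig-common on first install (see debian/taler-exchange.postinst).` would tell the next maintainer who calls this script.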

2
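--- a/debian/db/upgrade/pgsql
+++ b/debian/db/upgrade/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf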

3
debian/etc/taler-exchange-db.conf vendored Normal file

@ -0,0 +1,3 @@
[taler-exchangdb-postgres]
CONFIG = postgres:///taler-exchange
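Review bot: the section header `[taler-exchangdb-postgres]` does not match the section the postinst in this same commit writes to (`taler-config -s "exchangedb-postgres"`), so the shipped default `CONFIG = postgres:///taler-exchange` sits in a section nothing appears to read, and the postinst will add a second section instead of updating this one. The header should read `[exchangedb-postgres]`. Since the postinst later sets this file to mode 0440 because it will carry the database password, a leading comment such as `# Database credentials for the exchange; readable only by the exchange user and the DB group.` would explain the tight permissions to anyone editing it.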


@ -1,5 +1,12 @@
@INLINE@ /etc/taler-exchange-db.conf
[PATHS] [PATHS]
# Move runtime data "tmp" directory to /var/lib/taler-exchange/ # Move runtime data "tmp" directory to /var/lib/taler-exchange/
# to possibly provide additional protection from unwarranted access. # to possibly provide additional protection from unwarranted access.
TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/ TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
[exchange]
SERVE = UNIX
UNIXPATH = /var/lib/taler-exchange/exchange.sock
DATABASE = postgres

1
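--- a/debian/etc/taler-wire.conf
+++ b/debian/etc/taler-wire.conf
@@ -0,0 +1 @@
+@INLINE@ /etc/taler-exchange-db.conf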


@ -22,7 +22,10 @@ db_go
db_input low taler-exchange/groupname || true db_input low taler-exchange/groupname || true
db_go db_go
db_input medium taler-exchange/autostart || true if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
db_go . /usr/share/dbconfig-common/dpkg/config.pgsql
dbc_go taler-exchange "$@"
fi
db_stop db_stop


@ -1,3 +1,6 @@
etc/taler.conf
usr/bin/ usr/bin/
usr/lib/*/taler/*.so usr/lib/*/taler/*.so
debian/etc/* etc/
debian/db/install/* usr/share/dbconfig-common/scripts/taler-exchange/install/
debian/db/upgrade/* usr/share/dbconfig-common/scripts/taler-exchange/upgrade/
debian/conf/* etc/taler-exchange/


@ -2,6 +2,27 @@
set -e set -e
apache_install() {
mkdir -p /etc/apache2/conf-available
if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
then
cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf
fi
a2enmod proxy
a2enmod proxy_http
a2enmod headers
}
nginx_install() {
mkdir -p /etc/nginx/conf-available
if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
then
cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf
fi
}
. /usr/share/debconf/confmodule . /usr/share/debconf/confmodule
case "${1}" in case "${1}" in
@ -26,16 +47,13 @@ case "${1}" in
db_get taler-exchange/groupname db_get taler-exchange/groupname
_GROUPNAME="${RET:-taler-private}" _GROUPNAME="${RET:-taler-private}"
db_get taler-exchange/autostart db_get taler-exchange/dbgroupname
_AUTOSTART="${RET}" # boolean _DBGROUPNAME="${RET:-taler-exchange-db}"
db_stop db_stop
CONFIG_FILE="/etc/default/taler" CONFIG_FILE="/etc/default/taler-exchange"
# Read default values
TALER_HOME="/var/lib/taler-exchange" TALER_HOME="/var/lib/taler-exchange"
eval $(grep TALER_HOME /etc/taler.conf | tr -d '[:blank:]')
# Creating taler group if needed # Creating taler group if needed
if ! getent group ${_GROUPNAME} > /dev/null if ! getent group ${_GROUPNAME} > /dev/null
@ -50,6 +68,7 @@ case "${1}" in
then then
echo -n "Creating new Taler user ${_EUSERNAME}:" echo -n "Creating new Taler user ${_EUSERNAME}:"
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
adduser ${_EUSERNAME} ${_DBGROUPNAME}
echo " done." echo " done."
fi fi
if ! getent passwd ${_RSECUSERNAME} > /dev/null if ! getent passwd ${_RSECUSERNAME} > /dev/null
@ -68,12 +87,14 @@ case "${1}" in
then then
echo -n "Creating new Taler user ${_WIREUSERNAME}:" echo -n "Creating new Taler user ${_WIREUSERNAME}:"
adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
adduser ${_WIREUSERNAME} ${_DBGROUPNAME}
echo " done." echo " done."
fi fi
if ! getent passwd ${_AGGRUSERNAME} > /dev/null if ! getent passwd ${_AGGRUSERNAME} > /dev/null
then then
echo -n "Creating new Taler user ${_AGGRUSERNAME}:" echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
adduser ${_AGGRUSERNAME} ${_DBGROUPNAME}
echo " done." echo " done."
fi fi
@ -92,7 +113,6 @@ TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME} TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME} TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME} TALER_GROUP=${_GROUPNAME}
TALER_AUTOSTART="${_AUTOSTART}"
EOF EOF
cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
@ -103,11 +123,11 @@ Wants=taler-exchange-wirewatch taler-exchange-aggregator taler-exchange-transfer
After=postgres.service network.target After=postgres.service network.target
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME} User=${_EUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler.conf ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
@ -118,11 +138,11 @@ cat > "/etc/systemd/system/taler-exchange-helper-rsa.service" <<EOF
Description=GNU Taler payment system exchange RSA security module Description=GNU Taler payment system exchange RSA security module
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME} User=${_RSECUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler.conf ExecStart=/usr/bin/taler-helper-crypto-rsa -c /etc/taler-exchange.conf
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
@ -132,11 +152,11 @@ cat > "/etc/systemd/system/taler-exchange-helper-eddsa.service" <<EOF
Description=GNU Taler payment system exchange EdDSA security module Description=GNU Taler payment system exchange EdDSA security module
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME} User=${_ESECUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler.conf ExecStart=/usr/bin/taler-helper-crypto-eddsa -c /etc/taler-exchange.conf
EOF EOF
cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit] [Unit]
@ -144,7 +164,7 @@ Description=GNU Taler payment system exchange wirewatch service
After=network.target After=network.target
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME} User=${_WIREUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
@ -156,7 +176,7 @@ Description=GNU Taler payment system exchange transfer service
After=network.target After=network.target
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME} User=${_WIREUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
@ -167,7 +187,7 @@ cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
Description=GNU Taler payment system exchange aggregator service Description=GNU Taler payment system exchange aggregator service
[Service] [Service]
EnvironmentFile=/etc/default/taler EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME} User=${_AGGRUSERNAME}
Type=simple Type=simple
Restart=on-failure Restart=on-failure
@ -184,6 +204,40 @@ EOF
chmod 770 /var/lib/taler-exchange/tmp chmod 770 /var/lib/taler-exchange/tmp
chmod +s /var/lib/taler-exchange/tmp chmod +s /var/lib/taler-exchange/tmp
# Setup postgres database (needs dbconfig-pgsql package)
if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/postinst.pgsql
# dbc_dbfile_* should not apply for Postgres, but better be safe...
dbc_dbfile_owner="${_EUSERNAME}:${_DBGROUPNAME}"
dbc_dbfile_perms="0660"
dbc_pgsql_createdb_encoding="UTF8"
dbc_go taler-exchange "$@"
fi
# get database settings from dbconfig-common
if [ -f /etc/dbconfig-common/taler-exchange.conf ]; then
. /etc/dbconfig-common/taler-exchange.conf
case "$dbc_dbtype" in
pgsql)
taler-config -c /etc/taler-exchange-db.conf \
-s "exchangedb-postgres" \
-o "CONFIG" \
-V "postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname"
taler-config -c /etc/taler-exchange-db.conf \
-s "exchange" \
-o "DB" \
-V "postgres"
chown ${_EUSERNAME}:${_DBGROUPNAME} /etc/taler-exchange-db.conf
chmod 440 /etc/taler-exchange-db.conf
;;
"")
;;
*)
echo "Unsupported database type $dbc_type."
exit 1
;;
esac
fi
# Cleaning # Cleaning
rm -f "${CONFIG_NEW}" rm -f "${CONFIG_NEW}"
echo "All done." echo "All done."
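Review bot: nginx_install tests the Apache path, `if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];`, so whether the nginx snippet is copied depends on Apache's state rather than on the file it is about to write; the test should be `if [ ! -f /etc/nginx/conf-available/taler-exchange.conf ];`. Neither apache_install nor nginx_install is called in any visible hunk, so presumably the call site is still to come or lives outside this diff. In the database hunk, the `case` dispatches on `$dbc_dbtype` but the error branch prints `$dbc_type`, which is never set, so the message comes out blank and goes to stdout: `echo "Unsupported database type $dbc_dbtype." >&2`. That hunk also writes option `DB` into `[exchange]` while the shipped configuration file in this commit sets `DATABASE = postgres`; one of the two names must be wrong and should be reconciled against what taler-exchange-httpd actually reads. The connection URL embeds `$dbc_dbpass` verbatim, so a generated password containing `@`, `/`, `:` or `#` yields an unparsable URI; restricting the file to mode 0440 is right, but the password should be percent-encoded before it is interpolated.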


@ -15,6 +15,43 @@ pathfind() {
return 1 return 1
} }
apache_remove() {
if [ diff /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
then
rm -f /etc/apache2/conf-available/taler-exchange.conf
fi
}
nginx_remove() {
if [ diff /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
then
rm -f /etc/nginx/conf-available/taler-exchange.conf
fi
}
if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/postrm.pgsql
dbc_go taler-exchange "$@"
fi
if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
if [ -f /usr/share/debconf/confmodule ]; then
db_version 2.0
db_get taler-exchange/reconfigure-webserver
webservers="$RET"
for webserver in $webservers; do
webserver=${webserver%,}
if [ "$webserver" = "nginx" ] ; then
nginx_remove
else
apache_remove
fi
done
fi
fi
case "${1}" in case "${1}" in
purge) purge)
if [ -e /usr/share/debconf/confmodule ] if [ -e /usr/share/debconf/confmodule ]
@ -48,8 +85,6 @@ case "${1}" in
_GROUPNAME="taler-private" _GROUPNAME="taler-private"
fi fi
TALERDNS_GROUP="talerdns"
if pathfind deluser if pathfind deluser
then then
deluser --quiet --system ${_EUSERNAME} || true deluser --quiet --system ${_EUSERNAME} || true
@ -64,7 +99,7 @@ case "${1}" in
delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
fi fi
rm -rf /var/log/taler/ /var/lib/taler /etc/default/taler rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
;; ;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
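Review bot: apache_remove and nginx_remove wrap `diff` inside `[ ... ]`, so `[` receives the words diff and the two paths as operands and the redirections apply to `[` itself; the comparison never runs, the test fails, and the installed snippet is never removed. Both should read `if diff /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1; then` (and the nginx equivalent). Further down, `db_get taler-exchange/reconfigure-webserver` is used but no template of that name appears in the templates diff of this commit; unless it is defined elsewhere, db_get returns non-zero and, assuming `set -e` is in effect above this hunk, remove and purge abort. The enclosing script begins before the hunk, so whether confmodule has been sourced by the time `db_version 2.0` runs cannot be confirmed from here.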

17
debian/taler-exchange.prerm vendored Normal file

@ -0,0 +1,17 @@
#!/bin/sh
set -e
if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
. /usr/share/dbconfig-common/dpkg/prerm
if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/prerm.pgsql
dbc_go taler-exchange "$@"
fi
db_stop
exit 0
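Review bot: `db_stop` on the last line runs unconditionally, but `/usr/share/debconf/confmodule` is only sourced when it exists, so on a system without it the script dies under `set -e` with a command-not-found error just before `exit 0`. Conversely `. /usr/share/dbconfig-common/dpkg/prerm` is unguarded while the `.pgsql` variant right below it is guarded; the two should be consistent, e.g. `if [ -f /usr/share/dbconfig-common/dpkg/prerm ]; then . /usr/share/dbconfig-common/dpkg/prerm; fi` and `[ -z "$DEBCONF_REDIR" ] || db_stop` is not right either — simplest is to source confmodule unconditionally since debconf is a dependency of dbconfig-common. A short header comment stating that this hook lets dbconfig-common prompt about dropping the database on remove/purge would explain why the file exists at all.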


@ -46,7 +46,7 @@ _Description: Taler user:
Template: taler-exchange/groupname Template: taler-exchange/groupname
Type: string Type: string
Default: taler Default: taler-private
_Description: Taler group: _Description: Taler group:
Please choose the group that the Taler exchange and security Please choose the group that the Taler exchange and security
modules will run as. modules will run as.
@ -55,10 +55,13 @@ _Description: Taler group:
Only the members of this group will have access to Taler private Only the members of this group will have access to Taler private
online signing keys. online signing keys.
Template: taler-exchange/autostart
Type: boolean Template: taler-exchange/dbgroupname
Default: true Type: string
_Description: Should the Taler exchange be launched on boot? Default: taler-exchange-db
If you choose this option, a Taler exchange will be launched each time _Description: Taler group:
the system is started. Otherwise, you will need to launch Please choose the group that the Taler users with database access
Taler each time you want to use it. should be in.
.
This should be a dedicated group, not one that already owns data.
Only the members of this group will have access to Taler database.
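Review bot: the new taler-exchange/dbgroupname template reuses the short description `_Description: Taler group:` of taler-exchange/groupname, so the two prompts are indistinguishable to the administrator; suggest `_Description: Taler database group:`. The last sentence of the long description reads better as `Only the members of this group will have access to the Taler database.` The postrm in this commit also queries taler-exchange/reconfigure-webserver, which is not defined in this templates diff; if it is meant to exist, it belongs here.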