fix auditor postinst

debian/auditor-conf/apache.conf

@@ -0,0 +1,4 @@
+<Location "/taler-auditor/">
+ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>

debian/auditor-conf/nginx.conf

@@ -0,0 +1,7 @@
+location /taler-auditor/ {
+         proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+         proxy_redirect off;
+         proxy_set_header Host $host;
+         proxy_set_header X-Forwarded-Host "example.com";
+         proxy_set_header X-Forwarded-Proto "https";
+}

debian/changelog

@@ -1,3 +1,9 @@
+taler-exchange (0.9.0-3) unstable; urgency=medium
+
+  * Fix taler-exchange.postrm crash (prevented uninstall).
+  * Split out taler-auditor package.
+  * Setup user and systemd service for taler-auditor-httpd.
+
 taler-exchange (0.9.0-2) unstable; urgency=medium
 
   * Modify setup to not touch database (too complex anyway).

debian/control

@@ -55,11 +55,25 @@ Depends:
  lsb-base,
  netbase,
  dbconfig-pgsql | dbconfig-no-thanks,
- python3-jinja2,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: GNU's payment system operator.
 
+Package: taler-auditor
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ libtalerexchange (= ${binary:Version}),
+ adduser,
+ lsb-base,
+ netbase,
+ dbconfig-pgsql | dbconfig-no-thanks,
+ python3-jinja2,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: GNU's payment system auditor.
+
 Package: libtalerexchange-dev
 Section: libdevel
 Architecture: any

debian/etc/taler-auditor.conf

@@ -0,0 +1,14 @@
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-auditor/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+
+[auditor]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-auditor/auditor.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres

debian/rules

@@ -34,3 +34,4 @@ override_dh_auto_clean:
 override_dh_install:
 	dh_install
 	cd debian/libtalerexchange; find . -type f -exec rm -f ../taler-exchange/{} \;
+	cd debian/taler-auditor; find . -type f -exec rm -f ../taler-exchange/{} \;

debian/taler-auditor.install

@@ -0,0 +1,8 @@
+usr/bin/taler-auditor
+usr/bin/taler-auditor-dbinit
+usr/bin/taler-auditor-exchange
+usr/bin/taler-auditor-httpd
+usr/bin/taler-auditor-offline
+usr/bin/taler-helper-auditor-*
+debian/etc/taler-auditor.conf etc/
+debian/auditor-conf/* etc/taler-auditor/

debian/taler-auditor.postinst

@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+	configure)
+		db_version 2.0
+
+		db_get taler-auditor/username
+		_USERNAME="${RET:-taler-auditor-httpd}"
+
+		db_get taler-auditor/groupname
+		_GROUPNAME="${RET:-taler-auditor-httpd}"
+
+		db_stop
+
+		CONFIG_FILE="/etc/default/taler-auditor"
+		TALER_HOME="/var/lib/taler-auditor"
+
+		# Creating taler groups as needed
+		if ! getent group ${_GROUPNAME} > /dev/null
+		then
+			echo -n "Creating new Taler group ${_GROUPNAME}:"
+			addgroup --quiet --system ${_GROUPNAME}
+			echo " done."
+		fi
+		# Creating taler users if needed
+		if ! getent passwd ${_USERNAME} > /dev/null
+		then
+			echo -n "Creating new Taler user ${_USERNAME}:"
+			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
+			echo " done."
+		fi
+        # Writing new values to configuration file
+        echo -n "Writing new configuration file:"
+        CONFIG_NEW=$(tempfile)
+
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the Taler init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure taler-auditor'.
+
+TALER_USER=${_USERNAME}
+TALER_GROUP=${_GROUPNAME}
+EOF
+
+cat > "/etc/systemd/system/taler-auditor-httpd.service" <<EOF
+[Unit]
+Description=GNU Taler payment system auditor REST API
+After=postgres.service network.target
+
+[Service]
+EnvironmentFile=/etc/default/taler-auditor
+User=${_USERNAME}
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+		cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+		rm -f "${CONFIG_NEW}"
+		echo " done."
+
+        echo -n "Setting up system services "
+
+        mkdir -p /var/lib/taler-auditor/tmp
+        chown root:${_GROUPNAME} /var/lib/taler-auditor/tmp
+        chmod 770 /var/lib/taler-auditor/tmp
+        chmod +s /var/lib/taler-auditor/tmp
+
+        systemctl daemon-reload
+
+        echo "done."
+
+		# Cleaning
+		echo "All done."
+		;;
+
+	abort-upgrade|abort-remove|abort-deconfigure)
+		;;
+
+	*)
+		echo "postinst called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0

debian/taler-auditor.postrm

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+pathfind() {
+	OLDIFS="$IFS"
+	IFS=:
+	for p in $PATH; do
+		if [ -x "$p/$*" ]; then
+			IFS="$OLDIFS"
+			return 0
+		fi
+	done
+	IFS="$OLDIFS"
+	return 1
+}
+
+if [ -f /usr/share/debconf/confmodule ];
+then
+    . /usr/share/debconf/confmodule
+fi
+
+case "${1}" in
+	purge)
+		db_version 2.0
+
+		db_get taler-auditor/username
+		_USERNAME="${RET:-taler-auditor-httpd}"
+
+		db_get taler-auditor/groupname
+		_GROUPNAME="${RET:-taler-auditor-httpd}"
+
+		if pathfind deluser
+		then
+			deluser --quiet --system ${_USERNAME} || true
+		fi
+
+		if pathfind delgroup
+		then
+			delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
+		fi
+
+		rm -rf /var/log/taler-auditor/ /var/lib/taler-auditor /etc/default/taler-auditor
+		;;
+
+	remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+		;;
+
+	*)
+		echo "postrm called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0

debian/taler-auditor.templates

@@ -0,0 +1,16 @@
+Template: taler-auditor/username
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler user:
+ Please choose the user that the taler-auditor-httpd process will run as.
+ .
+ This should be a dedicated account. If the specified account does not
+ already exist, it will automatically be created, with no login shell.
+
+Template: taler-auditor/groupname
+Type: string
+Default: taler-auditor-httpd
+_Description: Taler group:
+ Please choose the group that the taler-auditor-httpd will run as.
+ .
+ This should be a dedicated group, not one that already owns data.

debian/taler-exchange.install

@@ -1,4 +1,4 @@
 usr/bin/
 usr/lib/*/taler/*.so
 debian/etc/* etc/
-debian/conf/* etc/taler-exchange/
+debian/exchange-conf/* etc/taler-exchange/

debian/taler-exchange.postinst

@@ -3,26 +3,6 @@
 set -e
 
 
-apache_install() {
-	mkdir -p /etc/apache2/conf-available
-    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
-    then
-	    cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf
-    fi
-    a2enmod proxy
-    a2enmod proxy_http
-    a2enmod headers
-}
-
-
-nginx_install() {
-	mkdir -p /etc/nginx/conf-available
-    if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
-    then
-	    cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf
-    fi
-}
-
 . /usr/share/debconf/confmodule
 
 case "${1}" in