authorFlorian Dold <florian@dold.me>2023-10-16 20:01:22 +0200
committerFlorian Dold <florian@dold.me>2023-10-16 20:01:22 +0200
commitca6387acbbb9bc0e2888c9a6802a45fd743bea75 (patch)
treeb29d3a41c3fcafd7ab2a84b5d57712c26b9899aa
parentb244ebada1768df73e389ee5f9551b9d7d605776 (diff)
WIP
-rw-r--r--sandcastle-ng/Dockerfile13
-rw-r--r--sandcastle-ng/buildconfig/merchant-demos.tag2
-rwxr-xr-xsandcastle-ng/scripts/setup-sandcastle.sh88
3 files changed, 88 insertions, 15 deletions
diff --git a/sandcastle-ng/Dockerfile b/sandcastle-ng/Dockerfile
index 5eba820..6c47ae3 100644
--- a/sandcastle-ng/Dockerfile
+++ b/sandcastle-ng/Dockerfile
@@ -33,6 +33,7 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
npm \
openjdk-17-jre-headless \
openjdk-17-jdk-headless \
+ default-jre-headless \
nano \
procps \
python3-jinja2 \
@@ -53,7 +54,12 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
fakeroot \
libzbar-dev \
libltdl-dev \
- net-tools
+ net-tools \
+ python3-flask \
+ python3-flask-babel \
+ uwsgi \
+ python3-bs4 \
+ pybuild-plugin-pyproject
# old: libzbar-dev
@@ -123,7 +129,6 @@ COPY buildconfig/libeufin.tag /buildconfig/
RUN TAG=$(cat /buildconfig/libeufin.tag) && \
git clone git://git.taler.net/libeufin \
--branch $TAG
-RUN apt-get install -y default-jre-headless
WORKDIR /build/libeufin
RUN ./bootstrap
RUN ./configure --prefix=/usr
@@ -214,7 +219,9 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
less \
caddy \
systemd-coredump \
- libnss3-tools
+ libnss3-tools \
+ latexmk \
+ texlive-latex-extra
RUN mkdir -p /packages
COPY --from=gnunet /packages/gnunet/* /packages/
COPY --from=exchange /packages/exchange/* /packages/
diff --git a/sandcastle-ng/buildconfig/merchant-demos.tag b/sandcastle-ng/buildconfig/merchant-demos.tag
index d47a5c3..06dc5b3 100644
--- a/sandcastle-ng/buildconfig/merchant-demos.tag
+++ b/sandcastle-ng/buildconfig/merchant-demos.tag
@@ -1 +1 @@
-v0.9.3-dev.2
+v0.9.3-dev.4
diff --git a/sandcastle-ng/scripts/setup-sandcastle.sh b/sandcastle-ng/scripts/setup-sandcastle.sh
index b52f7f5..5afa20c 100755
--- a/sandcastle-ng/scripts/setup-sandcastle.sh
+++ b/sandcastle-ng/scripts/setup-sandcastle.sh
@@ -2,6 +2,10 @@
# This scripts provisions all configuration and
# services for the Taler sandcastle container.
+#
+# Important: This script needs to be completely
+# idempotent, nothing must break if it is executed
+# multiple times.
set -eu
set -x
@@ -18,6 +22,10 @@ EXCHANGE_BANK_PASSWORD=sandbox
systemctl stop taler-exchange.target
systemctl stop taler-merchant-httpd.service
systemctl stop postgresql.service
+systemctl stop taler-demo-landing.service
+systemctl stop taler-demo-blog.service
+systemctl stop taler-demo-donations.service
+systemctl stop taler-demo-survey.service
# We now make sure that some important locations are symlinked to
# the persistent storage volume.
@@ -60,18 +68,23 @@ lift_dir /var/lib/postgresql var-lib-postgresql
systemctl stop caddy.service
-LANDING_DOMAIN=demo.taler.net
-BANK_DOMAIN=bank.demo.taler.net
-EXCHANGE_DOMAIN=exchange.demo.taler.net
-MERCHANT_DOMAIN=backend.demo.taler.net
-BLOG_DOMAIN=shop.demo.taler.net
-DONATIONS_DOMAIN=donations.demo.taler.net
-SURVEY_DOMAIN=survey.demo.taler.net
+MYDOMAIN=demo.taler.net
+LANDING_DOMAIN=$MYDOMAIN
+BANK_DOMAIN=bank.$MYDOMAIN
+EXCHANGE_DOMAIN=exchange.$MYDOMAIN
+MERCHANT_DOMAIN=backend.$MYDOMAIN
+BLOG_DOMAIN=shop.$MYDOMAIN
+DONATIONS_DOMAIN=donations.$MYDOMAIN
+SURVEY_DOMAIN=survey.$MYDOMAIN
cat <<EOF > /etc/caddy/Caddyfile
https://$BANK_DOMAIN {
tls internal
- reverse_proxy :8080
+ reverse_proxy :8080 {
+ # libeufin-bank should eventually not require this anymore,
+ # but currently doesn't work without this header.
+ header_up X-Forwarded-Prefix "/"
+ }
}
https://$EXCHANGE_DOMAIN {
@@ -196,6 +209,17 @@ echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u pos
echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+# # The ToS generator is currently borked, we don't generated ToS until that's fixed.
+TOS_PATH=/usr/share/taler/terms
+if [[ ! -e "$TOS_PATH/stamp-generated" ]]; then
+ # ToS generator is picky about the path that it is being run from
+ cd $TOS_PATH
+ taler-terms-generator -i exchange-tos-v0 -a "Taler Systems SA" -C "Taler Systems SA" -p a4 -o $TOS_PATH -l en
+ taler-terms-generator -i exchange-pp-v0 -a "Taler Systems SA" -C "Taler Systems SA" -p a4 -o $TOS_PATH -l en
+ touch "$TOS_PATH/stamp-generated"
+ cd -
+fi
+
systemctl enable --now taler-exchange.target
taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config
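Review bot: The comment that opens the added block says the ToS generator is broken and that no ToS are generated, yet the lines below it run `taler-terms-generator` twice, so the comment contradicts the code. A comment such as `# Generate the exchange ToS and privacy policy once; the stamp file keeps reruns from regenerating them.` would match what the block does. `cd $TOS_PATH` and `-o $TOS_PATH` are unquoted although the `[[ -e "$TOS_PATH/stamp-generated" ]]` test is quoted, and `cd -` echoes the previous directory into the log. Running the generator calls in a subshell that starts with `cd "$TOS_PATH"` would leave the script's working directory untouched. The `[[` test also needs bash, and the shebang is outside this hunk, so that is worth confirming.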
@@ -226,9 +250,8 @@ cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf
[merchantdb-postgres]
CONFIG=postgres:///${MERCHANT_DB}
EOF
-# FIXME: The right groups don't exist right now
-#chmod 440 /etc/taler/secrets/merchant-db.secret.conf
-#chown root:taler-merchant-db /etc/taler/secrets/merchant-db.secret.conf
+chmod 440 /etc/taler/secrets/merchant-db.secret.conf
+chown taler-merchant-httpd:root /etc/taler/secrets/merchant-db.secret.conf
sudo -u taler-merchant-httpd taler-merchant-dbinit -c /etc/taler/taler.conf
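Review bot: `chown taler-merchant-httpd:root` makes the service account the owner of its own secret file, so the daemon can chmod or rewrite it, and the group-read bit in 440 only serves group root. The removed FIXME aimed at root ownership with a service group, which lets the daemon read the file without being able to change it. If a suitable group exists in the image (not visible here), `chown root:<merchant-group>` with `chmod 440` gives that separation; otherwise `chmod 400` is the tighter mode for the current owner. The file is written by the `cat <<EOF >` heredoc that starts outside this hunk, so on first creation it carries the default umask until the chmod runs; a `umask 077` before the heredoc would close that window.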
@@ -237,3 +260,46 @@ taler-harness deployment wait-taler-service taler-merchant https://$MERCHANT_DOM
# merchant passwd
# taler-harness deployment provision-merchant-instance https://$MERCHANT_DOMAIN/
+
+taler-harness deployment provision-merchant-instance \
+ https://backend.demo.taler.net/ \
+ --management-token secret-token:sandbox \
+ --instance-token secret-token:sandbox \
+ --name Merchant \
+ --id default \
+ --payto 'payto://iban/DE5135717?receiver-name=Merchant'
+
+
+# Now we set up the taler-merchant-demos
+
+cat <<EOF >/etc/taler/taler-merchant-frontends.conf
+# Different entry point, we need to repeat some settings.
+# In the future, taler-merchant-demos should become
+# robust enough to read from the main config.
+[taler]
+CURRENCY = $CURRENCY
+[frontends]
+BACKEND = https://backend.demo.taler.net/
+BACKEND_APIKEY = secret-token:sandbox
+[landing]
+SERVE = http
+HTTP_PORT = 8501
+[blog]
+SERVE = http
+HTTP_PORT = 8502
+[donations]
+SERVE = http
+HTTP_PORT = 8503
+[survey]
+SERVE = http
+HTTP_PORT = 8504
+EOF
+
+systemctl enable --now taler-demo-landing
+systemctl enable --now taler-demo-blog
+systemctl enable --now taler-demo-donations
+systemctl enable --now taler-demo-survey
+
+
+# FIXME: Maybe do some taler-wallet-cli test?
+# FIXME: How do we report errors occurring during the setup script?
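Review bot: The new `provision-merchant-instance` call and the `BACKEND` setting hard-code `https://backend.demo.taler.net/` although this commit introduces `MYDOMAIN`/`MERCHANT_DOMAIN` for exactly that host; both should read `https://$MERCHANT_DOMAIN/` so a deployment under another domain does not talk to the public demo backend. `/etc/taler/taler-merchant-frontends.conf` carries `BACKEND_APIKEY` but, unlike `merchant-db.secret.conf`, is left with whatever mode the umask gives it; a `chmod 640` plus a `chown` to the account the taler-demo-* units run as (not visible here) after the heredoc would keep the key from other local users. Because the script runs under `set -x`, the `--management-token` and `--instance-token` values are also written to the trace output, which is acceptable only while they remain the fixed sandbox token. Whether `provision-merchant-instance` succeeds when the `default` instance already exists is not visible here; if it fails, `set -e` aborts every rerun, which conflicts with the idempotency requirement stated in the script header.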