42 files changed, 670 insertions, 192 deletions
diff --git a/bin/taler-deployment-arm b/bin/taler-deployment-arm index 6700d99..6b101ac 100755 --- a/bin/taler-deployment-arm +++ b/bin/taler-deployment-arm @@ -7,7 +7,7 @@ export PATH="$base/local/bin":$PATH logdir=$base/logs -export GNUNET_FORCE_LOG="taler;;;;DEBUG/arm;;;;INFO" +export GNUNET_FORCE_LOG="taler;;;;DEBUG/arm;;;;INFO/;pq.c;;;DEBUG/;postgres.c;;;DEBUG" cd $HOME/$color diff --git a/bin/taler-deployment-bbstart b/bin/taler-deployment-bbstart index 1f13061..2b8795c 100755 --- a/bin/taler-deployment-bbstart +++ b/bin/taler-deployment-bbstart @@ -2,5 +2,5 @@ cd ~/buildbot source venv/bin/activate -buildslave start slave/ +buildbot-worker start slave/ deactivate diff --git a/bin/taler-deployment-bbstop b/bin/taler-deployment-bbstop index 8fcc724..e46f3c0 100755 --- a/bin/taler-deployment-bbstop +++ b/bin/taler-deployment-bbstop @@ -2,5 +2,5 @@ cd ~/buildbot source venv/bin/activate -buildslave stop slave/ +buildbot-worker stop slave/ deactivate diff --git a/bin/taler-deployment-start b/bin/taler-deployment-start index f33bfe4..9acfe47 100755 --- a/bin/taler-deployment-start +++ b/bin/taler-deployment-start @@ -12,6 +12,7 @@ taler-deployment-arm -s taler-deployment-arm -i taler-exchange taler-deployment-arm -i taler-merchant taler-deployment-arm -i taler-demobank +taler-deployment-arm -i taler-demobank-admin taler-deployment-arm -i taler-donations taler-deployment-arm -i taler-blog taler-deployment-arm -i taler-landing diff --git a/buildbot/README b/buildbot/README new file mode 100644 index 0000000..c8be2da --- /dev/null +++ b/buildbot/README @@ -0,0 +1,7 @@ +Packages needed to use Buildbot 0.9.x. + +- buildbot +- buildbot-worker +- buildbot-www +- buildbot-waterfall-view +- buildbot-console-view diff --git a/buildbot/master-lonelyslave.cfg b/buildbot/master-lonelyslave.cfg new file mode 100644 index 0000000..f9e1894 --- /dev/null +++ b/buildbot/master-lonelyslave.cfg 
@@ -0,0 +1,161 @@
+# -*- python -*-
+# ex: set syntax=python:
+
+c = BuildmasterConfig = {}
+local = "${HOME}/local"
+
+####### LOGS SIZE
+
+c['changeHorizon'] = 20
+c['buildHorizon'] = 10
+c['logHorizon'] = 4
+c['buildCacheSize'] = 2
+
+####### BUILDSLAVES
+
+from buildbot.worker import Worker
+c['workers'] = [Worker("lonelySlave", "taler"),
+ Worker("lcovSlave", "taler"),
+ Worker("containersSlave", "taler")]
+
+c['protocols'] = {'pb': {'port': 9989}}
+
+####### CHANGESOURCES
+# They are just "pointers" to monitored codebases.
+
+
+from buildbot.changes.gitpoller import GitPoller
+c['change_source'] = []
+c['change_source'].append(GitPoller(
+ 'git://git.taler.net/exchange.git',
+ workdir='gitpoller-workdir', branches=True,
+ pollinterval=300))
+c['change_source'].append(GitPoller(
+ 'git://git.taler.net/merchant.git',
+ workdir='gitpoller-workdir', branches=True,
+ pollinterval=300))
+c['change_source'].append(GitPoller(
+ 'git://git.taler.net/bank.git',
+ workdir='gitpoller-workdir', branches=True,
+ pollinterval=300))
+c['change_source'].append(GitPoller(
+ 'git://git.taler.net/merchant-frontends.git',
+ workdir='gitpoller-workdir', branches=True,
+ pollinterval=300))
+
+####### SCHEDULERS
+# They take action: actually trigger the build.
+ +from buildbot.schedulers.basic import SingleBranchScheduler +from buildbot.schedulers.forcesched import ForceScheduler +from buildbot.schedulers.timed import * +from buildbot.changes import filter + +c['schedulers'] = [] +gitMaster = SingleBranchScheduler( + name="global-master", + reason="Commit pushed for one of the sub-projects", + change_filter=filter.ChangeFilter(branch='master'), + treeStableTimer=300, + builderNames=["lone-builder", "lcov-build"]) + +force = ForceScheduler(name="force-build", + builderNames=["lone-builder", "lcov-build"]) + +# For now, the whole withdraw/pay cliking is started manually +# (as the blue-green infrastructure needs some upgrading) +forceClick = ForceScheduler( + name="force-clicking", + builderNames=["auto-click"]) + + +c['schedulers'] = [force, gitMaster, forceClick] + +####### BUILDERS +# They know *how* to build: which scripts need to be invoked, +# where in the filesystem.. + +from buildbot.process.factory import BuildFactory +from buildbot.steps.source.git import Git +from buildbot.steps.shell import ShellCommand +from buildbot.steps.shell import Configure +from buildbot.steps.shell import Compile +from buildbot.steps.shell import Test +import os + +lonelyness = BuildFactory() +lonelyness.addStep(Git(repourl='git://git.taler.net/deployment.git', + mode='full', + method='fresh', + alwaysUseLatest=True, + haltOnFailure=True, + branch='master')) +lonelyness.addStep(ShellCommand(name="builder", + description="Lone compilation..", + descriptionDone="Compilation passed", + command=["make"], + workdir="build/taler-build", + env={'PATH': "${HOME}/local/bin:${PATH}", + 'TALER_CHECKDB': "postgres:///talercheck-${USER}"})) +lcov = BuildFactory() +lcov.addStep(Git(repourl='git://git.taler.net/deployment.git', + mode='full', + method='fresh', + alwaysUseLatest=True, + haltOnFailure=True, + branch='master')) +lcov.addStep(ShellCommand(name="invalidation", + description="Invalidating timestamps", + descriptionDone="timestamps 
invalidated", + command=["./invalidate.sh"], + workdir="build/taler-build")) +lcov.addStep(ShellCommand(name="builder", + description="Compiling..", + descriptionDone="lcov files generated", + command=["make", "lcov"], + workdir="build/taler-build")) + +autoClick = BuildFactory() +autoClick.addStep(ShellCommand(name="clicker", + description="Performing demo", + descriptionDone="Demo finished", + command=["launch_selenium_test.sh"], + env={'PATH': "${HOME}/deployment/docker/selenium:${PATH}"})) + +from buildbot.config import BuilderConfig + +c['builders'] = [] +c['builders'].append( + BuilderConfig(name="lone-builder", + workernames=["lonelySlave"], + factory=lonelyness)) +c['builders'].append( + BuilderConfig(name="lcov-build", + workernames=["lcovSlave"], + factory=lcov)) +c['builders'].append( + BuilderConfig(name="auto-click", + workernames=["containersSlave"], + factory=autoClick)) + + +####### STATUS TARGETS + +c['status'] = [] +from buildbot.plugins import util + +c['www'] = dict(port=8010, + plugins=dict(waterfall_view={}, + console_view={}), + auth=util.UserPasswordAuth({"marcello": "taler"})) + +####### PROJECT IDENTITY +c['title'] = "Taler" +c['titleURL'] = "https://taler.net/" + +c['buildbotURL'] = "https://buildbot.taler.net/" + +####### DB URL +c['db'] = { + 'db_url' : "sqlite:///state.sqlite", +} diff --git a/buildbot/master.cfg b/buildbot/master.cfg index 1103e9f..5d795f6 100644 --- a/buildbot/master.cfg +++ b/buildbot/master.cfg @@ -23,6 +23,7 @@ c['slaves'] = [BuildSlave("testGreenSlave", "taler"), c['protocols'] = {'pb': {'port': 9989}} ####### CHANGESOURCES +# They are just "pointers" to monitored codebases. from buildbot.changes.gitpoller import GitPoller @@ -45,6 +46,7 @@ c['change_source'].append(GitPoller( pollinterval=300)) ####### SCHEDULERS +# They take action: actually trigger the build. from buildbot.schedulers.basic import SingleBranchScheduler from buildbot.schedulers.forcesched import * 
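Review bot: The worker passwords (`Worker("lonelySlave", "taler")` and its two siblings) and the web login (`util.UserPasswordAuth({"marcello": "taler"})`) in buildbot/master-lonelyslave.cfg are committed in clear text, and all three workers share one guessable password while `c['protocols']` opens PB port 9989 for them. Load them from a file kept outside the repository, for example `auth=util.HTPasswdAuth("<htpasswd-path-outside-repo>")` for the UI and a per-worker password read from a local, non-versioned file. No `authz` is set in `c['www']`, so the login presumably does not restrict who may trigger the two ForceSchedulers; that should be confirmed against the Buildbot 0.9 defaults. Separately, the four pollers and both `Git(...)` steps fetch over unauthenticated `git://` and the `make` step then runs whatever was fetched, so an `https://` URL would at least authenticate the server.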
@@ -74,6 +76,8 @@ selenium = Periodic( c['schedulers'] = [force, git_master, selenium] ####### BUILDERS +# They know *how* to build: which scripts need to be invoked, +# where in the filesystem.. from buildbot.process.factory import BuildFactory from buildbot.steps.source.git import Git diff --git a/config/demo.taler.net/taler.conf b/config/demo.taler.net/taler.conf index 38fe70a..a552ef1 100644 --- a/config/demo.taler.net/taler.conf +++ b/config/demo.taler.net/taler.conf @@ -9,9 +9,16 @@ CURRENCY = KUDOS [bank] uwsgi_serve = unix uwsgi_unixpath = $HOME/sockets/bank.uwsgi +uwsgi_unixpath_mode = 660 database = talerdemo +[bank-admin] +uwsgi_serve = unix +uwsgi_unixpath = $HOME/sockets/bank-admin.uwsgi +uwsgi_unixpath_mode = 660 + + [donations] uwsgi_serve = unix uwsgi_unixpath = $HOME/sockets/donations.uwsgi @@ -20,6 +27,7 @@ uwsgi_unixpath = $HOME/sockets/donations.uwsgi [blog] uwsgi_serve = unix uwsgi_unixpath = $HOME/sockets/blog.uwsgi +instance = FSF [merchant] @@ -41,6 +49,7 @@ MASTER_KEY = CQQZ9DY3MZ1ARMN5K1VKDETS04Y2QCKMMCFHZSWJWWVN82BTTH00 [frontends] BACKEND = https://shop.demo.taler.net/backend/ +FRACTION = 100000000 [exchange] @@ -163,16 +172,17 @@ fee_refund = KUDOS:0.01 rsa_keysize = 2048 - -[Tor-wireformat] +[merchant-instance-wireformat-Tor] TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/tor.json -[GNUnet-wireformat] +[merchant-instance-wireformat-GNUnet] TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/gnunet.json -[Taler-wireformat] +[merchant-instance-wireformat-Taler] TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/taler.json +[merchant-instance-wireformat-FSF] +TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/fsf.json [merchant-instance-Tor] KEYFILE = ${TALER_DATA_HOME}/merchant/tor.priv @@ -182,3 +192,6 @@ KEYFILE = ${TALER_DATA_HOME}/merchant/gnunet.priv [merchant-instance-Taler] KEYFILE = ${TALER_DATA_HOME}/merchant/taler.priv + +[merchant-instance-FSF] +KEYFILE = ${TALER_DATA_HOME}/merchant/fsf.priv 
diff --git a/config/demo.taler.net/taler/merchant/wire/test.json b/config/demo.taler.net/taler/merchant/wire/fsf.json index 0a2126e..0a2126e 100644 --- a/config/demo.taler.net/taler/merchant/wire/test.json +++ b/config/demo.taler.net/taler/merchant/wire/fsf.json diff --git a/config/demo.taler.net/taler/merchant/wire/tutorial.json b/config/demo.taler.net/taler/merchant/wire/tutorial.json new file mode 100644 index 0000000..c37fb38 --- /dev/null +++ b/config/demo.taler.net/taler/merchant/wire/tutorial.json @@ -0,0 +1,7 @@ +{ + "type": "test", + "bank_uri": "https://bank.demo.taler.net/", + "sig": "MERCHANTSIGNATURE", + "account_number": 7, + "salt": "SALT" +} diff --git a/config/generate-config b/config/generate-config new file mode 100755 index 0000000..78d52c6 --- /dev/null +++ b/config/generate-config 
@@ -0,0 +1,183 @@ +#!/usr/bin/env python3 +import click +import sys +from collections import OrderedDict +import json +import os + +sections = OrderedDict() + +def cfg_put(section_name, key, value): + s = sections[section_name] = sections.get(section_name, OrderedDict()) + s[key] = value + +def cfg_write(file): + for section_name, section in sections.items(): + file.write("[" + section_name + "]" + "\n") + for key, value in section.items(): + file.write(key + " = " + value + "\n") + file.write("\n") + +def coin(name, + currency, + value, + d_overlap="5 minutes", + d_withdraw="32 years", + d_spend="5 years", + d_legal="10 years", + f_withdraw="0.10", + f_deposit="0.10", + f_refresh="0.10", + f_refund="0.10", + rsa_keysize="2048"): + sec = "coin_"+currency+"_"+name + cfg_put(sec, "value", currency+":"+value) + cfg_put(sec, "duration_overlap", d_overlap) + cfg_put(sec, "duration_withdraw", d_withdraw) + cfg_put(sec, "duration_spend", d_spend) + cfg_put(sec, "duration_legal", d_legal) + cfg_put(sec, "fee_withdraw", f_withdraw) + cfg_put(sec, "fee_refresh", f_refresh) + cfg_put(sec, "fee_refund", f_refund) + cfg_put(sec, "rsa_keysize", rsa_keysize) + +def config(currency, envname, exchange_pub): + cfg_put("paths", "TALER_DEPLOYMENT_SHARED", "${HOME}/shared-data") + + cfg_put("taler", "CURRENCY", "PUDOS") + + cfg_put("bank", "uwsgi_serve", "unix") + cfg_put("bank", "uwsgi_unixpath", "$HOME/sockets/bank.uwsgi") + cfg_put("bank", "database", "talertest") + + cfg_put("donations", "uwsgi_serve", "unix") + cfg_put("donations", "uwsgi_unixpath", "$HOME/sockets/donations.uwsgi") + + cfg_put("blug", "uwsgi_serve", "unix") + cfg_put("blug", "uwsgi_unixpath", "$HOME/sockets/donations.uwsgi") + + + cfg_put("merchant", "WIREFORMAT", "test") + cfg_put("merchant", "SERVE", "unix") + cfg_put("merchant", "UNIXPATH", "$HOME/sockets/merchant.http") + cfg_put("merchant", "WIRE_TRANSFER_DELAY", "1 m") + + cfg_put("merchantdb-postgres", "CONFIG", "postgres:///taler") + + 
cfg_put("merchant-exchange-test", "URI", "https://exchange.{}.taler.net/".format(envname)) + cfg_put("merchant-exchange-test", "MASTER_KEY", exchange_pub) + + cfg_put("frontends", "BACKEND", "https://shop.{}.taler.net/backend/".format(envname)) + + cfg_put("exchange", "serve", "unix") + cfg_put("exchange", "unixpath", "$HOME/sockets/exchange.http") + cfg_put("exchange", "master_public_key", exchange_pub) + + cfg_put("exchange", "wireformat", "test") + cfg_put("exchange", "keydir", "${TALER_DEPLOYMENT_SHARED}/exchange/live-keys/") + + cfg_put("exchange-admin", "SERVE", "unix") + cfg_put("exchange-admin", "unixpath", "$HOME/sockets/exchange-admin.http") + + cfg_put("exchangedb-postgres", "DB_CONN_STR", "postgres:///talertest") + + cfg_put("exchange-wire-outgoing-test", "bank_uri", "https://bank.{}.taler.net/".format(envname)) + cfg_put("exchange-wire-outgoing-test", "bank_account_number", "1") + cfg_put("exchange-wire-outgoing-test", "exchange_account_number", "2") + + # how long is one signkey valid? + cfg_put("exchange_keys", "signkey_duration", "18 weeks") + + # how long are the signatures with the signkey valid? + cfg_put("exchange_keys", "legal_duration", "2 years") + + # how long do we generate denomination and signing keys + # ahead of time? 
+ cfg_put("exchange_keys", "lookahead_sign", "32 weeks 1 day") + + cfg_put("exchange_keys", "lookahead_provide", "4 weeks 1 day") + + cfg_put("Tor-wireformat", "TEST_RESPONSE_FILE", "${TALER_CONFIG_HOME}/merchant/wire/tor.json") + cfg_put("GNUnet-wireformat", "TEST_RESPONSE_FILE", "${TALER_CONFIG_HOME}/merchant/wire/gnunet.json") + cfg_put("Taler-wireformat", "TEST_RESPONSE_FILE", "${TALER_CONFIG_HOME}/merchant/wire/taler.json") + + cfg_put("merchant-instance-Tor", "KEYFILE", "${TALER_DATA_HOME}/merchant/tor.priv") + cfg_put("merchant-instance-GNUnet", "KEYFILE", "${TALER_DATA_HOME}/merchant/gnunet.priv") + cfg_put("merchant-instance-Taler", "KEYFILE", "${TALER_DATA_HOME}/merchant/taler.priv") + + + coin(currency, "ct_10", "0.10") + coin(currency, "1", "1") + coin(currency, "2", "2") + coin(currency, "5", "5") + coin(currency, "10", "10") + coin(currency, "1000", "1000") + + +def merchant_wf(envname, instance_name, acct_no): + data = OrderedDict( + type="test", + bank_uri="https://bank.{}.taler.net/".format(envname), + sig="MERCHANTSIGNATURE", + account_number=acct_no, + salt="SALT" + ) + + return (instance_name, json.dumps(data, indent=2)) + +def exchange_wf(envname, wfname, acct_no, name): + data = OrderedDict( + name=name, + type=wfname, + bank_uri="https://bank.{}.taler.net/".format(envname), + account_number=acct_no) + return (wfname, json.dumps(data, indent=2)) + + + +@click.command() +@click.option("--currency", default="KUDOS") +@click.option("--envname", default="demo") +@click.option("--outdir", default=None) +@click.option("--exchange-pub", required=True) +def main(currency, envname, outdir, exchange_pub): + + config(currency, envname, exchange_pub) + + merchant_wireformats = [ + merchant_wf(envname, "gnunet", 4), + merchant_wf(envname, "taler", 5), + merchant_wf(envname, "tor", 3), + merchant_wf(envname, "test", 6), + ] + + exchange_wireformats = [ + exchange_wf(envname, "test", 2, "The exchange") + ] + + if outdir: + os.makedirs(outdir, exist_ok=True) 
+ tc = os.path.join(outdir, "taler.conf") + cfg_write(open(tc, "w")) + + d = os.path.join(outdir, "taler", "merchant", "wire") + os.makedirs(d, exist_ok=True) + for name, data in merchant_wireformats: + f = open(os.path.join(d, name+".json"), "w") + f.write(data) + f.close() + + d = os.path.join(outdir, "taler", "exchange", "wire") + os.makedirs(d, exist_ok=True) + for name, data in exchange_wireformats: + # These files must be signed by the exchange in + # a later step + f = open(os.path.join(d, name+".unsigned.json"), "w") + f.write(data) + f.close() + else: + cfg_write(sys.stdout) + +if __name__ == "__main__": + main() + diff --git a/config/test.taler.net/taler.conf b/config/test.taler.net/taler.conf index e8814b5..751d046 100644 --- a/config/test.taler.net/taler.conf +++ b/config/test.taler.net/taler.conf @@ -8,9 +8,16 @@ CURRENCY = PUDOS [bank] uwsgi_serve = unix -uwsgi_unixpath = $HOME/sockets/bank.uwsgi database = talertest +uwsgi_unixpath = $HOME/sockets/bank.uwsgi +uwsgi_unixpath_mode = 660 +fraction = 100000000 + +[bank-admin] +uwsgi_serve = unix +uwsgi_unixpath = $HOME/sockets/bank-admin.uwsgi +uwsgi_unixpath_mode = 660 [donations] uwsgi_serve = unix @@ -20,6 +27,7 @@ uwsgi_unixpath = $HOME/sockets/donations.uwsgi [blog] uwsgi_serve = unix uwsgi_unixpath = $HOME/sockets/blog.uwsgi +instance = FSF [merchant] @@ -42,6 +50,7 @@ MASTER_KEY = CQQZ9DY3MZ1ARMN5K1VKDETS04Y2QCKMMCFHZSWJWWVN82BTTH00 [frontends] BACKEND = https://shop.test.taler.net/backend/ +FRACTION = 100000000 [exchange] @@ -93,7 +102,7 @@ duration_withdraw = 32 years duration_spend = 12 years duration_legal = 3 years fee_withdraw = PUDOS:0.01 -fee_deposit = PUDOS:0.01 +fee_deposit = PUDOS:1.01 fee_refresh = PUDOS:0.01 fee_refund = PUDOS:0.01 rsa_keysize = 1024 
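Review bot: The six `coin(...)` calls at the end of `config()` in config/generate-config pass `currency` as the first argument, but the function is declared as `coin(name, currency, value, ...)`, so with the default currency the first call produces a section `coin_ct_10_KUDOS` with `value = ct_10:0.10`; the calls should read `coin("ct_10", currency, "0.10")` and likewise for the other five. `coin` also accepts `f_deposit` but never writes it, so a line `cfg_put(sec, "fee_deposit", f_deposit)` is missing, and the fee defaults carry no currency prefix, unlike the checked-in taler.conf files (`KUDOS:0.01`). `config()` further hard-codes `"PUDOS"` instead of using `currency`, writes a `blug` section that points at the donations socket, and still emits the old `Tor-wireformat` style section names that this commit renames to `merchant-instance-wireformat-*`. In `main`, `cfg_write(open(tc, "w"))` never closes the file; `with open(tc, "w") as f: cfg_write(f)` would match the explicit `close()` calls that follow.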
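Review bot: `fee_deposit = PUDOS:1.01` in config/test.taler.net/taler.conf stands out next to the three other fees of the same coin section, which stay at `PUDOS:0.01`, and looks like a typo rather than an intended value. The coin's `value` line is outside the hunk, so whether the fee now exceeds the denomination cannot be checked from here. If the high fee is a deliberate test case, a comment such as `# deliberately high deposit fee to exercise fee handling` above the line would keep it from being "fixed" later.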
@@ -164,17 +173,6 @@ fee_refund = PUDOS:0.01 rsa_keysize = 2048 - -[Tor-wireformat] -TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/tor.json - -[GNUnet-wireformat] -TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/gnunet.json - -[Taler-wireformat] -TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/taler.json - - [merchant-instance-Tor] KEYFILE = ${TALER_DATA_HOME}/merchant/tor.priv @@ -183,3 +181,18 @@ KEYFILE = ${TALER_DATA_HOME}/merchant/gnunet.priv [merchant-instance-Taler] KEYFILE = ${TALER_DATA_HOME}/merchant/taler.priv + +[merchant-instance-FSF] +KEYFILE = ${TALER_DATA_HOME}/merchant/fsf.priv + +[merchant-instance-wireformat-Tor] +TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/tor.json + +[merchant-instance-wireformat-GNUnet] +TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/gnunet.json + +[merchant-instance-wireformat-Taler] +TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/taler.json + +[merchant-instance-wireformat-FSF] +TEST_RESPONSE_FILE = ${TALER_CONFIG_HOME}/merchant/wire/fsf.json diff --git a/config/test.taler.net/taler/merchant/wire/test.json b/config/test.taler.net/taler/merchant/wire/fsf.json index 3d62dc5..3d62dc5 100644 --- a/config/test.taler.net/taler/merchant/wire/test.json +++ b/config/test.taler.net/taler/merchant/wire/fsf.json diff --git a/config/test.taler.net/taler/merchant/wire/tutorial.json b/config/test.taler.net/taler/merchant/wire/tutorial.json new file mode 100644 index 0000000..700322d --- /dev/null +++ b/config/test.taler.net/taler/merchant/wire/tutorial.json @@ -0,0 +1,7 @@ +{ + "type": "test", + "bank_uri": "https://bank.test.taler.net/", + "sig": "MERCHANTSIGNATURE", + "account_number": 7, + "salt": "SALT" +} diff --git a/docker/TODO b/docker/TODO new file mode 100644 index 0000000..9fdaf00 --- /dev/null +++ b/docker/TODO 
@@ -0,0 +1,22 @@
+Missing containers:
+
+- "standalone" ones: they actually *run* the
+ service and may also link to configuration on
+ the host machine when they are launched.
+
+- frontends
+- bank
+- postgres (as a running service)
+
+Missing compositions:
+
+Ideally, the Docker setting should instantiate two
+Taler flavours:
+
+- Self-contained testing: all components ready to be
+ tested by the automated clicker, AKA they are a replacement
+ for what runs at *.{test,demo}.taler.net
+
+- Ready-to-ship: a composition that instantiates a fully
+ operational exchange or merchant, according to the customer
+ needs.
diff --git a/docker/base/Dockerfile b/docker/base/Dockerfile
new file mode 100644
index 0000000..a067cfe
--- /dev/null
+++ b/docker/base/Dockerfile
@@ -0,0 +1,34 @@
+FROM debian:unstable
+
+RUN apt-get update && apt-get install -qqy \
+ git \
+ build-essential \
+ autoconf \
+ autopoint \
+ libtool \
+ libgcrypt20 \
+ libgcrypt20-dev \
+ libidn11-dev \
+ zlib1g-dev \
+ libunistring-dev \
+ libjansson-dev \
+ libpq-dev \
+ libmicrohttpd-dev \
+ libcurl4-gnutls-dev
+
+RUN git clone https://gnunet.org/git/gnunet/ \
+ && git clone https://gnunet.org/git/libmicrohttpd/
+
+WORKDIR /gnunet
+
+RUN ./bootstrap \
+ && ./configure --with-libgnurl=/usr/local/ \
+ && make \
+ && make install
+
+WORKDIR /libmicrohttpd
+
+RUN ./bootstrap \
+ && ./configure --disable-doc \
+ && make \
+ && make install
diff --git a/docker/base/README b/docker/base/README
new file mode 100644
index 0000000..573f4ef
--- /dev/null
+++ b/docker/base/README
@@ -0,0 +1,7 @@
+This image serves as a basis to build exchange and merchant
+backend. It is responsible for installing the following packages:
+
+- GNUnet
+- Libjansson
+- Postgres
+- ...
diff --git a/docker/exchange/Dockerfile b/docker/exchange/Dockerfile
new file mode 100644
index 0000000..471ebbe
--- /dev/null
+++ b/docker/exchange/Dockerfile
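Review bot: Nothing in docker/base/Dockerfile is pinned: `FROM debian:unstable` is a moving tag and both `git clone` commands in the second `RUN` take whatever the default branch holds at build time, so two builds of the same file can contain different GNUnet and libmicrohttpd code. Because the exchange and merchant images are built on top of this one, pin the base to a dated tag or digest and check out a known revision after cloning, e.g. `git clone https://gnunet.org/git/gnunet/ && git -C gnunet checkout <commit-or-tag>`. The Debian `libmicrohttpd-dev` package is also installed before the same library is built from source, so a comment saying which copy later builds are meant to link against would help.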
@@ -0,0 +1,13 @@
+FROM taler/base
+
+RUN git clone git://taler.net/exchange
+
+WORKDIR exchange
+
+RUN ./bootstrap \
+ && ./configure CFLAGS='-ggdb -O0' \
+ --with-libgnurl=/usr/local \
+ --with-microhttpd=/usr/local \
+ --with-gnunet=/usr/local \
+ && make \
+ && make install
diff --git a/docker/merchant/Dockerfile b/docker/merchant/Dockerfile
new file mode 100644
index 0000000..6385c96
--- /dev/null
+++ b/docker/merchant/Dockerfile
@@ -0,0 +1,13 @@
+FROM taler/exchange
+
+RUN git clone git://taler.net/merchant /merchant
+
+WORKDIR /merchant
+
+RUN ./bootstrap \
+ && ./configure CFLAGS='-ggdb -O0' \
+ --with-gnunet=/usr/local \
+ --with-exchange=/usr/local \
+ --with-microhttpd=/usr/local \
+ && make \
+ && make install
diff --git a/docker/postgres/README b/docker/postgres/README
new file mode 100644
index 0000000..0f332a6
--- /dev/null
+++ b/docker/postgres/README
@@ -0,0 +1 @@
+This container is to run Postgres service
diff --git a/docker/selenium/crxmake.sh b/docker/selenium/crxmake.sh
deleted file mode 100755
index 539dbfc..0000000
--- a/docker/selenium/crxmake.sh
+++ /dev/null
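Review bot: `RUN git clone git://taler.net/exchange` in docker/exchange/Dockerfile fetches the source over the unauthenticated git protocol, so nothing verifies that the code compiled into the image came from the project's server; the same applies to `git clone git://taler.net/merchant /merchant` in docker/merchant/Dockerfile. Clone over `https://` instead, as the base image already does for GNUnet, and check out a fixed revision, e.g. `RUN git clone https://<repo-url>/exchange && git -C exchange checkout <commit-or-tag>`. `WORKDIR exchange` is relative while the merchant file uses `/merchant`; an absolute path would make the two consistent.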
@@ -1,43 +0,0 @@ -#!/bin/bash -e -# -# Purpose: Pack a Chromium extension directory into crx format -# Downloaded from https://developer.chrome.com/extensions/crx - -if test $# -ne 2; then - echo "Usage: crxmake.sh <extension dir> <pem path>" - exit 1 -fi - -dir=$1 -key=$2 -name=$(basename "$dir") -crx="$name.crx" -pub="$name.pub" -sig="$name.sig" -zip="$name.zip" -trap 'rm -f "$pub" "$sig" "$zip"' EXIT - -# zip up the crx dir -cwd=$(pwd -P) -(cd "$dir" && zip -qr -9 -X "$cwd/$zip" .) - -# signature -openssl sha1 -sha1 -binary -sign "$key" < "$zip" > "$sig" - -# public key -openssl rsa -pubout -outform DER < "$key" > "$pub" 2>/dev/null - -byte_swap () { - # Take "abcdefgh" and return it as "ghefcdab" - echo "${1:6:2}${1:4:2}${1:2:2}${1:0:2}" -} - -crmagic_hex="4372 3234" # Cr24 -version_hex="0200 0000" # 2 -pub_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$pub" | awk '{print $5}'))) -sig_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$sig" | awk '{print $5}'))) -( - echo "$crmagic_hex $version_hex $pub_len_hex $sig_len_hex" | xxd -r -p - cat "$pub" "$sig" "$zip" -) > "$crx" -echo "Wrote $crx" diff --git a/docker/selenium/launch_chrome_container.sh b/docker/selenium/launch_chrome_container.sh deleted file mode 100755 index b24612a..0000000 --- a/docker/selenium/launch_chrome_container.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --name big_heap -e JAVA_OPTS=-Xmx1g -d -p 4444:4444 selenium/standalone-chrome-debug diff --git a/docker/selenium/launch_selenium_test.sh b/docker/selenium/launch_selenium_test.sh deleted file mode 100755 index ac30ecb..0000000 --- a/docker/selenium/launch_selenium_test.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/bash - -# Takes only the docker-machine's IP address, assuming that the -# chrome-docker service runs on port 4444 - -# FIXME use getopt -TEMP=`getopt -o r: --long docker-ip: -n 'launch_selenium_test.sh' -- "$@"` -eval set -- "$TEMP" - -if test "$1" != '--docker-ip'; then - IP=$(docker-machine ip) -else - IP=$2 -fi - - -# update wallet -(cd $HOME/wallet-webex && git pull && tsc) - -# build crx file -$HOME/deployment/docker/selenium/crxmake.sh $HOME/wallet-webex private.pem - -# call python3 selenium script -python3 $HOME/wallet-webex/selenium/test.py --ext $HOME/wallet-webex.crx --remote http://$IP:4444/wd/hub diff --git a/docker/taler-full/README b/docker/taler-full/README index 77c66db..d5316aa 100644 --- a/docker/taler-full/README +++ b/docker/taler-full/README @@ -1,15 +1,2 @@ -Build the image corresponding to the Dockerfile in this directory -by issuing (from this directory): - -$ docker build -t taler . - -Then instantiate the exchange's container with the following command: - -$ docker run taler launch_exchange - -and the merchant container with the following command: - -$ docker run taler launch_merchant - -Please note that the communication between containers is still to be -configured +OBSOLETE. Kept around for the sole purpose of grasping +commands from it. diff --git a/etc/nginx/sites-available/www.git-ssl.site b/etc/nginx/sites-available/www.git-ssl.site new file mode 100644 index 0000000..4ac7cfa --- /dev/null +++ b/etc/nginx/sites-available/www.git-ssl.site 
@@ -0,0 +1,25 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + include conf.d/talerssl; + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-available/www.git.site b/etc/nginx/sites-available/www.git.site new file mode 100644 index 0000000..26679be --- /dev/null +++ b/etc/nginx/sites-available/www.git.site @@ -0,0 +1,24 @@ +server { + listen 80; + listen [::]:80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site index b712190..c231f78 100644 --- a/etc/nginx/sites-enabled/demo.site +++ b/etc/nginx/sites-enabled/demo.site @@ -43,6 +43,20 @@ server { } } +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name backend.demo.taler.net; + ssi on; + include conf.d/test.redirects; + include conf.d/talerssl; + + location / { + proxy_pass http://unix:/home/demo/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} server { listen 443 ssl; 
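Review bot: The new `backend.demo.taler.net` server in etc/nginx/sites-enabled/demo.site includes `conf.d/test.redirects`, while the demo server visible in the next hunk includes `conf.d/demo.redirects`; this looks copied from test.site and should probably read `include conf.d/demo.redirects;`. The block also forwards every path to the merchant socket with no `allow`/`deny` or authentication visible here, so if the merchant backend has endpoints meant only for the frontends they become reachable from the internet; a comment stating that public exposure is intended would settle it. `ssi on;` has no visible use in front of a plain `proxy_pass` and could be dropped.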
@@ -102,16 +116,12 @@ server { include conf.d/demo.redirects; include conf.d/talerssl; - location / { - uwsgi_pass unix:/home/demo/sockets/bank.uwsgi; + location /admin/add/incoming { + uwsgi_pass unix:/home/demo/sockets/bank-admin.uwsgi; include /etc/nginx/uwsgi_params; } - location /admin/add/incoming { - allow 127.0.0.1; - allow 131.254.145.3; - allow 2001:660:7303:145::2; - deny all; + location / { uwsgi_pass unix:/home/demo/sockets/bank.uwsgi; include /etc/nginx/uwsgi_params; } diff --git a/etc/nginx/sites-enabled/envs.site b/etc/nginx/sites-enabled/envs.site new file mode 100644 index 0000000..157b518 --- /dev/null +++ b/etc/nginx/sites-enabled/envs.site @@ -0,0 +1,18 @@ +server { + listen 80; + listen [::]:80; + server_name envs.taler.net; + rewrite ^ https://$host$request_uri? permanent; +} + + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name envs.taler.net; + root /dev/null; + include conf.d/talerssl; + location ~ ^/(?<user>[a-zA-Z0-9-_]+)/ { + return 200 "hello"; + } +} diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site index 338dde4..d54418c 100644 --- a/etc/nginx/sites-enabled/git-ssl.site +++ b/etc/nginx/sites-enabled/git-ssl.site @@ -4,11 +4,25 @@ server { # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/git; - # Make site accessible from http://localhost/ server_name git.taler.net; include conf.d/talerssl; + location ~ ^(.*?)\.git/(HEAD|info/refs|objects/.*|git-upload-pack)$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_PROJECT_ROOT /home/git/repositories; + fastcgi_param PATH_INFO $uri; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location /cgit { + root /var/www; + } + location / { - autoindex off; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_pass unix:/var/run/fcgiwrap.socket; } } 
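Review bot: The `/admin/add/incoming` location in demo.site loses its `allow 127.0.0.1; ... deny all;` list and is now passed to `bank-admin.uwsgi` for any client address; the same removal is made in etc/nginx/sites-enabled/test.site. Nothing in this commit shows the bank-admin service authenticating callers (its ARM entry only adds `--admin serve-uwsgi`), so unless that check exists in the bank code, the endpoint that was restricted to three addresses is now open to everyone. Either keep the address list on the new location or add a comment naming where the access check now lives, e.g. `# access control is enforced by taler-bank-manage --admin, see <reference>`.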
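Review bot: The `git-http-backend` location added to etc/nginx/sites-enabled/git-ssl.site deserves a comment recording that it is meant to be fetch-only: the regex admits `HEAD`, `info/refs`, `objects/.*` and `git-upload-pack`, and neither `REMOTE_USER` nor `GIT_HTTP_EXPORT_ALL` is passed. As written, which repositories under `/home/git/repositories` are served presumably depends on a `git-daemon-export-ok` marker in each of them, which is worth stating next to `GIT_PROJECT_ROOT` so a private repository is not exported by accident. Something like `# read-only smart HTTP; only repositories marked git-daemon-export-ok are served` above the location would do.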
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site index c57e618..4c0c9ea 100644 --- a/etc/nginx/sites-enabled/git.site +++ b/etc/nginx/sites-enabled/git.site @@ -4,10 +4,7 @@ server { # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/git; - # Make site accessible from http://localhost/ server_name git.taler.net; - location / { - autoindex off; - } + rewrite ^ https://$server_name$request_uri? permanent; } diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index dbfc748..9de7af4 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -67,6 +67,20 @@ server { include conf.d/favicon_robots; } +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name backend.test.taler.net; + ssi on; + include conf.d/test.redirects; + include conf.d/talerssl; + + location / { + proxy_pass http://unix:/home/test/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} server { listen 443 ssl; @@ -101,11 +115,7 @@ server { include conf.d/talerssl; location /admin/add/incoming { - allow 127.0.0.1; - allow 131.254.145.3; - allow 2001:660:7303:145::2; - deny all; - uwsgi_pass unix:/home/test/sockets/bank.uwsgi; + uwsgi_pass unix:/home/test/sockets/bank-admin.uwsgi; include /etc/nginx/uwsgi_params; } diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site index 6037582..605f45e 100644 --- a/etc/nginx/sites-enabled/www-ssl.site +++ b/etc/nginx/sites-enabled/www-ssl.site @@ -35,4 +35,8 @@ server { root /var/www; autoindex on; } + + location /files { + root /var/www; + } } diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site index 4ac7cfa..5ba4831 100644 --- a/etc/nginx/sites-enabled/www.git-ssl.site +++ b/etc/nginx/sites-enabled/www.git-ssl.site 
@@ -1,25 +1,11 @@ server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied + listen 443 ssl; + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - # Make site accessible from http://localhost/ + root /var/git; server_name www.git.taler.net; - include conf.d/talerssl; - location /index.cgi { - root /usr/share/gitweb/; - - include fastcgi_params; - gzip off; - fastcgi_param SCRIPT_NAME $uri; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - location / { - root /usr/share/gitweb/; - index index.cgi; - } + rewrite ^ https://git.taler.net/ permanent; } diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site index 26679be..645923f 100644 --- a/etc/nginx/sites-enabled/www.git.site +++ b/etc/nginx/sites-enabled/www.git.site @@ -1,24 +1,10 @@ server { - listen 80; + listen 80; listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - # Make site accessible from http://localhost/ + root /var/git; server_name www.git.taler.net; - - location /index.cgi { - root /usr/share/gitweb/; - - include fastcgi_params; - gzip off; - fastcgi_param SCRIPT_NAME $uri; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - location / { - root /usr/share/gitweb/; - index index.cgi; - } + rewrite ^ https://git.taler.net/ permanent; } diff --git a/githooks/update b/githooks/update deleted file mode 100644 index 47934c7..0000000 --- a/githooks/update +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash - -set -ue - -refname="$1" -oldrev="$2" -newrev="$3" - -if [ -z "${1+x}" ] || [ -z "${2+x}" ] || [ -z "${3+x}" ]; then - echo "Usage: $0 REFNAME OLDREV NEWREF" - exit 1 -fi - - -[[ -z "$(git rev-list --max-count 1 "$oldrev".."$newrev" || echo "fail")" ]] -is_ff=$? - -if $is_ff; then - # always allow fast forwards - exit 0 -fi - -if [[ "$refname" != refs/heads/master ]]; then - # allow force-pushing if it's not master - exit 0 -fi - -case $USER in -*) - exit 1 - ;; -esac diff --git a/selenium/launch_chrome_container b/selenium/launch_chrome_container new file mode 100755 index 0000000..42935f2 --- /dev/null +++ b/selenium/launch_chrome_container @@ -0,0 +1,4 @@ +#!/bin/bash + +# If container runs out of heap space, add '-e JAVA_OPTS=-Xmx2g' +docker run --name container_chrome -d -p 4444:4444 selenium/standalone-chrome-debug diff --git a/selenium/launch_selenium_test b/selenium/launch_selenium_test new file mode 100755 index 0000000..750505e --- /dev/null +++ b/selenium/launch_selenium_test @@ -0,0 +1,23 @@ +#!/bin/bash + +# update wallet and pack extension +(cd $HOME/wallet-webex \ + && git pull \ + && ./configure \ + && make \ + && xvfb-run chromium --pack-extension $HOME/wallet-webex) + +eval $(docker-machine env) + +# Get fresh image +if docker restart container_chrome > /dev/null; +then echo "Chrome container succesfully restarted"; +fi + +# Give time to container to get fully operational +sleep 2 + +# call python3 selenium script +python3 $HOME/wallet-webex/selenium/withdraw_buy.py \ + --ext=$HOME/ext.crx \ + --remote=http://$(docker-machine ip):4444/wd/hub diff --git a/taler-arm/taler-demobank-admin.conf b/taler-arm/taler-demobank-admin.conf new file mode 100644 index 0000000..c9fa207 --- /dev/null +++ b/taler-arm/taler-demobank-admin.conf @@ -0,0 +1,4 @@ +[taler-demobank-admin] +TYPE = simple +BINARY = taler-bank-manage +OPTIONS = --admin serve-uwsgi 
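Review bot: selenium/launch_selenium_test keeps going after failures: the exit status of the build subshell is ignored and a failed `docker restart container_chrome` only skips the echo, so the test can run against a stale extension or a container that is not up. Adding `set -eu` after the shebang and replacing the `if` with a plain `docker restart container_chrome > /dev/null` would stop at the first failing step. The subshell packs `$HOME/wallet-webex` but the test is given `--ext=$HOME/ext.crx`; unless `make` produces that file, the path looks stale. `sleep 2` is a guess at readiness, and polling the `:4444/wd/hub` endpoint until it answers would be more reliable.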
diff --git a/taler-arm/taler-exchange.conf b/taler-arm/taler-exchange.conf index 3bbebde..08d5a0d 100644 --- a/taler-arm/taler-exchange.conf +++ b/taler-arm/taler-exchange.conf @@ -1,3 +1,4 @@ [taler-exchange] TYPE = simple BINARY = taler-exchange-httpd +OPTIONS = -l $HOME/logs/exchange-%Y-%m-%d.log diff --git a/taler-arm/taler-merchant.conf b/taler-arm/taler-merchant.conf index 824a4cc..acfd354 100644 --- a/taler-arm/taler-merchant.conf +++ b/taler-arm/taler-merchant.conf @@ -1,3 +1,4 @@ [taler-merchant] TYPE = simple BINARY = taler-merchant-httpd +OPTIONS = -l $HOME/logs/merchant-%Y-%m-%d.log diff --git a/taler-build/update_exchange.sh b/taler-build/update_exchange.sh index b2544ba..b9c48b9 100755 --- a/taler-build/update_exchange.sh +++ b/taler-build/update_exchange.sh @@ -18,4 +18,4 @@ git reset --hard FETCH_HEAD --enable-logging=verbose make make install -TALER_EXCHANGEDB_POSTGRES_CONFIG=$TALER_CHECKDB make check +TALER_EXCHANGEDB_POSTGRES_CONFIG=$TALER_CHECKDB TALER_AUDITORDB_POSTGRES_CONFIG=$TALER_CHECKDB make check diff --git a/taler-build/update_gnunet.sh b/taler-build/update_gnunet.sh index c2201ba..c1a013e 100755 --- a/taler-build/update_gnunet.sh +++ b/taler-build/update_gnunet.sh @@ -6,6 +6,6 @@ cd $HOME/gnunet/ svn revert -R . svn update ./bootstrap -./configure --prefix=$HOME/local --enable-logging=verbose --with-libgnurl=$HOME/local --with-microhttps=$HOME/local +./configure --prefix=$HOME/local --enable-logging=verbose --with-libgnurl=$HOME/local --with-microhttpd=$HOME/local make make install |