-rwxr-xr-x | bin/taler-deployment-config-generate | 30 | ||||
-rwxr-xr-x | bin/taler-deployment-keyup | 136 | ||||
-rwxr-xr-x | bin/taler-deployment-prepare | 84 | ||||
-rwxr-xr-x | bin/taler-deployment-sign | 25 |
4 files changed, 69 insertions, 206 deletions
diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
deleted file mode 100755
index 73de882..0000000
--- a/bin/taler-deployment-config-generate
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Generate the taler configuration based on environment variables.
-# These variables are usually defined in $HOME/activate.
-# Some configuration files still need to be signed with taler-deployment-config-sign.
-# It overwrites previous config files.
-#
-#
-
-set -eu
-
-if [[ -z ${TALER_ENV_NAME+x} ]]; then
- echo "TALER_ENV_NAME not set"
- exit 1
-fi
-
-if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
- echo "TALER_CONFIG_CURRENCY not set"
- exit 1
-fi
-
-EXCHANGE_PUB=$(gnunet-ecc -p $HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv)
-
-mkdir -p $HOME/.config
-
-$HOME/deployment/config/generate-config \
- --exchange-pub "$EXCHANGE_PUB" \
- --currency "$TALER_CONFIG_CURRENCY" \
- --outdir $HOME/.config \
- --envname "$TALER_ENV_NAME"
diff --git a/bin/taler-deployment-keyup b/bin/taler-deployment-keyup
deleted file mode 100755
index dc8c62c..0000000
--- a/bin/taler-deployment-keyup
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/usr/bin/env bash
-
-# Generate denomination keys and get them
-# signed by the auditor.
-
-set -eu
-
-if test -z $TALER_ENV_NAME; then
- echo Please run 'source $HOME/activate' first.
- exit 1
-fi
-
-if ! test -f $HOME/.config/taler.conf; then
- echo "Please generate config file first (taler-deployment-config-generate)"
- exit 1
-fi
-
-DATESALT=$(date +%s%N)
-AUDITOR_REQUEST_DIR=$(taler-config -s exchangedb -o auditor_inputs -f)
-AUDITOR_BASE_DIR=$(taler-config -s exchangedb -o auditor_base_dir -f)
-AUDITOR_PRIV=$(taler-config -s auditor -o auditor_priv_file -f)
-EXCHANGE_PUB=$(taler-config -s exchange -o master_public_key)
-EXCHANGE_URL=$(taler-config -s exchange -o base_url)
-EXCHANGE_LIVE_KEYS=$(taler-config -s exchange -o keydir -f)
-EXCHANGE_WIREFEES=$(taler-config -s exchangedb -o wirefee_base_dir -f)
-EXCHANGE_PRIV=$(taler-config -s exchange -o master_priv_file -f)
-
-MERCHANT_TIP_RESERVE_PRIV=$(taler-config -s instance-default -o tip_reserve_priv_filename -f)
-MERCHANT_DEFAULT_PRIV=$(taler-config -s instance-default -o keyfile -f)
-MERCHANT_TUTORIAL_PRIV=$(taler-config -s instance-Tutorial -o keyfile -f)
-MERCHANT_TOR_PRIV=$(taler-config -s instance-Tor -o keyfile -f)
-MERCHANT_TALER_PRIV=$(taler-config -s instance-Taler -o keyfile -f)
-MERCHANT_FSF_PRIV=$(taler-config -s instance-FSF -o keyfile -f)
-MERCHANT_GNUNET_PRIV=$(taler-config -s instance-GNUnet -o keyfile -f)
-
-# Deploying merchant tip-reserve priv.
-if ! test -f $MERCHANT_TIP_RESERVE_PRIV ; then
- mkdir -p $(dirname $MERCHANT_TIP_RESERVE_PRIV)
- cp $HOME/deployment/private-keys/default-tip.priv $MERCHANT_TIP_RESERVE_PRIV
- chmod 660 $MERCHANT_TIP_RESERVE_PRIV
-fi
-
-# Deploying merchant default priv.
-if ! test -f $MERCHANT_DEFAULT_PRIV ; then
- mkdir -p $(dirname $MERCHANT_DEFAULT_PRIV)
- cp $HOME/deployment/private-keys/default.priv $MERCHANT_DEFAULT_PRIV
- chmod 660 $MERCHANT_DEFAULT_PRIV
-fi
-
-# Deploying merchant tutorial priv.
-if ! test -f $MERCHANT_TUTORIAL_PRIV ; then
- mkdir -p $(dirname $MERCHANT_TUTORIAL_PRIV)
- cp $HOME/deployment/private-keys/tutorial.priv $MERCHANT_TUTORIAL_PRIV
- chmod 660 $MERCHANT_TUTORIAL_PRIV
-fi
-
-# Deploying merchant Tor priv.
-if ! test -f $MERCHANT_TOR_PRIV ; then
- mkdir -p $(dirname $MERCHANT_TOR_PRIV)
- cp $HOME/deployment/private-keys/tor.priv $MERCHANT_TOR_PRIV
- chmod 660 $MERCHANT_TOR_PRIV
-fi
-
-# Deploying merchant Taler priv.
-if ! test -f $MERCHANT_TALER_PRIV ; then
- mkdir -p $(dirname $MERCHANT_TALER_PRIV)
- cp $HOME/deployment/private-keys/taler.priv $MERCHANT_TALER_PRIV
- chmod 660 $MERCHANT_TALER_PRIV
-fi
-
-# Deploying merchant FSF priv.
-if ! test -f $MERCHANT_FSF_PRIV ; then
- mkdir -p $(dirname $MERCHANT_FSF_PRIV)
- cp $HOME/deployment/private-keys/fsf.priv $MERCHANT_FSF_PRIV
- chmod 660 $MERCHANT_FSF_PRIV
-fi
-
-# Deploying merchant GNUnet priv.
-if ! test -f $MERCHANT_GNUNET_PRIV ; then
- mkdir -p $(dirname $MERCHANT_GNUNET_PRIV)
- cp $HOME/deployment/private-keys/gnunet.priv $MERCHANT_GNUNET_PRIV
- chmod 660 $MERCHANT_GNUNET_PRIV
-fi
-
-
-# Deploying Exchange's priv.
-if ! test -f $EXCHANGE_PRIV ; then
- mkdir -p $(dirname $EXCHANGE_PRIV)
- cp $HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv $EXCHANGE_PRIV
- chmod 660 $EXCHANGE_PRIV
-fi
-
-# Deploying Auditor's priv.
-if ! test -f $AUDITOR_PRIV; then
- mkdir -p $(dirname $AUDITOR_PRIV)
- cp $HOME/deployment/private-keys/auditor.priv $AUDITOR_PRIV
- chmod 660 $AUDITOR_PRIV
-fi
-
-mkdir -p $AUDITOR_REQUEST_DIR
-taler-exchange-keyup \
- -m $EXCHANGE_PRIV \
- -o $AUDITOR_REQUEST_DIR/auditor_request-${DATESALT}
-
-# or-ing with true as user A won't be able to
-# change permissions for user B's files.
-
-# MARCELLO: this BREAKS stuff badly, as you are
-# removing the 'x' from directories, making them
-# unreadable! Do not use -R so blindly, this
-# MUST only be done on files!
-#chmod -R 660 $EXCHANGE_LIVE_KEYS/* || true - -#chmod -R 660 $EXCHANGE_WIREFEES/* || true - -taler-auditor-exchange \ - -m $EXCHANGE_PUB \ - -u $EXCHANGE_URL || ret=$? -ret=${ret:-0} - -if [[ "$ret" != 4 ]] && [[ "$ret" != 0 ]]; then - echo "unexpected exit code ($ret) of taler-auditor-exchange" >&2 - exit 1 -fi - -# Checks whether any denom key was generated, and -# only sign it if so. -if [[ -s $AUDITOR_REQUEST_DIR/auditor_request-${DATESALT} ]]; then - echo "Signing key material by auditor.." - taler-auditor-sign \ - -u $TALER_ENV_URL_AUDITOR \ - -m $EXCHANGE_PUB \ - -r "$AUDITOR_REQUEST_DIR/auditor_request-${DATESALT}" \ - -o "$AUDITOR_BASE_DIR/$DATESALT" \ - -c ${HOME}/.config/taler.conf -fi diff --git a/bin/taler-deployment-prepare b/bin/taler-deployment-prepare index dae504d..463163b 100755 --- a/bin/taler-deployment-prepare +++ b/bin/taler-deployment-prepare @@ -1,9 +1,15 @@ #!/bin/bash +# Prepare a deployment for execution: +# * generate the configuration +# * put keys in the right place +# * sign the exchange's wire response +# * run some sanity checks (FIXME: not done yet!) + set -eu usage() { - echo "Usage: $0 ENVNAME" + echo "Usage: $0" } if [ -z ${1+x} ]; then 
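Review bot: The usage text now reads `Usage: $0`, but the `if [ -z ${1+x} ]` guard kept as context at the end of this hunk still exits 1 when no argument is given, so invoking the script the way the new usage line describes fails. `$1` appears to be unused once the `bootstrap-taler $1` call is removed in the next hunk, so either drop the guard or keep `ENVNAME` in the usage text. If the usage function stays, `echo "Usage: $0" >&2` keeps the diagnostic off stdout. The guard's body continues outside this hunk.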
@@ -11,25 +17,73 @@ if [ -z ${1+x} ]; then exit 1 fi -$HOME/deployment/bootstrap-taler $1 - source $HOME/activate -taler-deployment-build -echo "All Taler built." - -taler-deployment-generate-config -echo "Configuration got generated." +if [[ -z ${TALER_ENV_NAME+x} ]]; then + echo "TALER_ENV_NAME not set" + exit 1 +fi -if test "demo" = $1; then - echo "Please set up manually the shared data between demo-blue/green" - exit 0 +if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then + echo "TALER_CONFIG_CURRENCY not set" + exit 1 fi +function generate_config() { + EXCHANGE_PUB=$(gnunet-ecc -p $HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv) + + mkdir -p $HOME/.config + + $HOME/deployment/config/generate-config \ + --exchange-pub "$EXCHANGE_PUB" \ + --currency "$TALER_CONFIG_CURRENCY" \ + --outdir $HOME/.config \ + --envname "$TALER_ENV_NAME" +} + +## +## Step 1: Generate config +## + +case $TALER_ENV_NAME in + demo|test|int) + generate_config + ;; + *) + echo "Not generating config for env $TALER_ENV_NAME" + ;; +esac + taler-deployment-keyup -echo "Keys generated." -taler-deployment-sign -echo "/wire response signed." -echo "All services can be launched with taler-deployment-start now." +## +## Step 2: Copy key material and update denom keys +## + + +case $TALER_ENV_NAME in + demo|test|int) + generate_config + ;; + *) + echo "Not copying private keys for env $TALER_ENV_NAME" + ;; +esac + +taler-exchange-keyup + + +## +## Step 3: Sign the exchange's wire information +## + +WIRE_RESPONSE=$(taler-config -s exchange-account-1 -o wire_response -f) + +if test -e "$WIRE_RESPONSE"; then + echo "Will not override that wire response file ($WIRE_RESPONSE); exiting." + exit 0 +fi + +taler-exchange-wire +chmod 770 $WIRE_RESPONSE diff --git a/bin/taler-deployment-sign b/bin/taler-deployment-sign deleted file mode 100755 index 011e0d0..0000000 --- a/bin/taler-deployment-sign +++ /dev/null 
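Review bot: Step 2's `demo|test|int)` branch calls `generate_config` a second time instead of copying key material, so the per-key `cp` + `chmod 660` deployment done by the removed `taler-deployment-keyup` no longer happens anywhere, even though the default branch reports "Not copying private keys". The leftover `taler-deployment-keyup` call after step 1 names a script this commit deletes, which under `set -eu` would abort the run unless another copy is on PATH. The bare `taler-exchange-keyup` also no longer passes the `-m`/`-o` arguments the removed script used, so it is worth confirming it takes them from the configuration. A sketch of a key-copy helper follows; it copies under a restrictive umask so a key is never readable by others between `cp` and `chmod`. Separately, `chmod 770 $WIRE_RESPONSE` should quote the variable, and the execute bits on a data file look unintended.

```shell
# Install one private key unless the target already exists.
function deploy_key() {
  local src=$1 dst=$2
  if ! test -f "$dst"; then
    mkdir -p "$(dirname "$dst")"
    # Copy under a restrictive umask: the key is never world-readable,
    # even for the instant between cp and chmod.
    (umask 007 && cp -- "$src" "$dst")
    chmod 660 "$dst"
  fi
}

function copy_keys() {
  deploy_key "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv" \
    "$(taler-config -s exchange -o master_priv_file -f)"
  # … remaining merchant and auditor keys, as in the removed taler-deployment-keyup …
}

# … unchanged: step 1 (generate_config) …

case $TALER_ENV_NAME in
  demo|test|int)
    copy_keys
    ;;
  # … unchanged: default branch …
esac
```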
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Sign exchange wire response
-
-set -eu
-
-if test -z $TALER_ENV_NAME; then
- echo Please run 'source $HOME/activate' first.
- exit 1
-fi
-
-if ! test -f $HOME/.config/taler.conf; then
- echo "Please generate config file first (taler-deployment-config-generate)"
- exit 1
-fi
-
-WIRE_RESPONSE=$(taler-config -s account-1 -o wire_response -f)
-
-if test -e "$WIRE_RESPONSE"; then
- echo "Will not override that wire response file ($WIRE_RESPONSE); exiting."
- exit 0
-fi
-
-taler-exchange-wire
-chmod 770 $WIRE_RESPONSE |