path: root/bin/taler-deployment-prepare
blob: 59c0689d86dc7f44a12e0fdb3db486d7d25c3f28 (plain)
#!/bin/bash

# Prepare a deployment for execution:
# * generate the configuration and setup database
# * put keys in the right place
# * set bank password for the exchange
# * sign the exchange's wire response
# * run some sanity checks (FIXME: not done yet!)

# -e: stop at the first command that fails; -u: treat unset variables as errors.
set -eu

# Executes $HOME/activate inside this shell, so whatever that file contains
# runs with the invoking user's privileges.
source "$HOME/activate"

# Only presence is checked: a variable that is set but empty passes.
[[ ${TALER_ENV_NAME+set} == set ]] || {
  echo "TALER_ENV_NAME not set"
  exit 1
}

[[ ${TALER_CONFIG_CURRENCY+set} == set ]] || {
  echo "TALER_CONFIG_CURRENCY not set"
  exit 1
}

#######################################
# Derive the exchange master public key from the environment's private key
# file and generate the deployment configuration into $HOME/.config.
# Globals:   HOME, TALER_ENV_NAME, TALER_CONFIG_CURRENCY (read),
#            EXCHANGE_PUB (written, not local)
# Arguments: none
# Returns:   status of taler-deployment-config-generate
#######################################
function generate_config() {
  local master_priv="$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv"
  local config_dir="$HOME/.config"

  # Only the public half is passed on; the private key file is read by
  # gnunet-ecc and never appears on a command line.
  EXCHANGE_PUB=$(gnunet-ecc -p "$master_priv")

  mkdir -p "$config_dir"

  local -a generate_args=(
    --exchange-pub "$EXCHANGE_PUB"
    --currency "$TALER_CONFIG_CURRENCY"
    --outdir "$config_dir"
    --envname "$TALER_ENV_NAME"
  )
  taler-deployment-config-generate "${generate_args[@]}"
}

##
## Step 1: Generate config
##

# Configuration is generated only for the environment names listed here;
# any other name keeps whatever configuration already exists.
case "$TALER_ENV_NAME" in
  tanker | demo | test | int | local) generate_config ;;
  *) echo "Not generating config for env $TALER_ENV_NAME" ;;
esac

##
## Step 1b: initialize database
##

# Runs for every environment name. Because of `set -e` at the top of the
# script, a non-zero exit here aborts the rest of the preparation.
taler-exchange-dbinit

##
## Step 2: Copy key material and update denom keys
##

# For demo, make sure the link to the data shared between demo-blue and
# demo-green is set up properly.
if [[ "$TALER_ENV_NAME" == "demo" ]]; then
  echo "linking taler-data"
  # -f replaces an existing link; -T treats ~/taler-data as the link name
  # itself instead of descending into it when it already is a directory.
  ln -sfT ~demo/shared-data ~/taler-data
  # -g dereferences the symlink, so this inspects the shared directory.
  # With set-group-id on a directory, new entries inherit its group; without
  # it the permission adjustments made later would not have the intended
  # effect.
  [[ -g ~/taler-data ]] || {
    echo "the shared-data directory should have the set-group-id bit set"
    exit 1
  }
fi

# Install the exchange master private key at the path named by the
# exchange-offline configuration, unless a key file is already there.
case "$TALER_ENV_NAME" in
  demo | test | int | local)
    deployed_master_priv="$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv"
    EXCHANGE_PUB=$(gnunet-ecc -p "$deployed_master_priv")
    EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
    if [[ ! -e "$EXCHANGE_PRIV_FILE" ]]; then
      mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
      # NOTE(review): cp gives the copy a mode derived from the source file
      # and the current umask, and mkdir -p does the same for new parent
      # directories. Confirm the installed master key ends up readable only
      # by the accounts that are meant to sign with it.
      cp "$deployed_master_priv" "$EXCHANGE_PRIV_FILE"
    else
      # An existing key is never overwritten. A mismatch is only reported,
      # and the script carries on with the key that is already installed.
      EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
      if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
        echo "Warning: Different exchange private key already exists, not copying"
      fi
    fi
    ;;
  *)
    echo "Not copying key material for env $TALER_ENV_NAME"
    ;;
esac

# Read the configured master public key and pass it, together with the
# exchange base URL, to taler-auditor-exchange.
EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
# Best-effort: `|| true` discards any failure of taler-auditor-exchange so
# that `set -e` does not abort the script. A failure here is therefore only
# visible in the tool's own output.
taler-auditor-exchange \
  -m "$EXCHANGE_MASTER_PUB" \
  -u "$(taler-config -s exchange -o base_url)" || true

# Make configuration accessible to auditor
# Mode 750 = owner rwx, group r-x, others nothing: members of the
# directory's group can list and traverse ~/.config.
# NOTE(review): confirm that nothing secret stored below ~/.config (key
# files, credentials) is itself group-readable.
chmod 750 "$HOME/.config"


##
## Step 3: Set up the exchange key material
##

taler-deployment-arm -s

# Quickly start+shutdown exchange httpd and crypto SM helpers
for service in taler-exchange taler-exchange-secmod-rsa taler-exchange-secmod-eddsa; do
  taler-deployment-arm -i "$service"
done

# Fixed grace period; a service that needs longer than this to come up is
# reported as a failed start below.
sleep 2 # FIXME: poll keys?

# NOTE(review): the "^taler-exchange" prefix also matches the two secmod
# service names, so depending on the format of the -I listing this check may
# pass when only a helper is running. Confirm against the actual output.
taler-deployment-arm -I | grep "^taler-exchange.*status=started" > /dev/null || {
  echo "Exchange didn't start, cannot set up keys"
  exit 1
}

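# The offline tool is run here on the deployment host and its results are
# uploaded straight away.
# NOTE(review): this means the master private key is used on the machine
# being prepared. Confirm this script is never run for an environment whose
# master key is supposed to stay on a separate, offline system.
taler-exchange-offline download sign upload

payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline enable-account "$payto_uri" upload

# Set up wire fees for the current year and the five years after it
# (six calendar years in total, both ends inclusive).
year=$(date +%Y)
curr=$TALER_CONFIG_CURRENCY
# Arithmetic loop instead of `$(seq ...)`: no external process and no
# reliance on word splitting of an unquoted expansion.
for ((y = year; y <= year + 5; y++)); do
  taler-exchange-offline wire-fee "$y" x-taler-bank "$curr:0.01" "$curr:0.01" upload
done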

##
## Step 4:  Set up the bank
##

# The Exchange and Survey bank accounts get the fixed password "x", which is
# public knowledge to anyone who can read this script. The list of
# environment names below is the only guard: any other name falls through
# and its bank passwords are left untouched.
case "$TALER_ENV_NAME" in
  demo | test | int | local | tanker)
    taler-bank-manage django provide_accounts
    for account in Exchange Survey; do
      taler-bank-manage django changepassword_unsafe "$account" x
    done
    ;;
  *)
    echo "Not setting unsafe Exchange bank account password for env $TALER_ENV_NAME"
    ;;
esac


##
## Step 5: Adjust some permissions
##

# Permission changes apply to demo, test and int only; every other
# environment name is left as it is.
if [[ "$TALER_ENV_NAME" == demo || "$TALER_ENV_NAME" == test || "$TALER_ENV_NAME" == int ]]; then
  # Make sure the web server can read ~/local. This is not recursive: only
  # the directory itself gains read/traverse for group and others.
  chmod og+rx ~/local

  # Make sure that shared files created by this user are group writable and
  # readable.
  # NOTE(review): this covers every entry owned by $USER below ~/taler-data.
  # Confirm no private key material is stored there, or that group access to
  # it is intended.
  find ~/taler-data/ -user "$USER" -exec chmod g+rw {} \;
fi

##
## Step 6: Set up merchant
##

taler-merchant-dbinit

# Configure merchant instances.
taler-deployment-arm -s

# Any line of the -I listing that starts with "taler-merchant" counts as
# "already running" here; the status field is not inspected.
# The bare `exit` returns the status of the preceding echo, i.e. 0, so a
# caller sees success although no instances were configured and the final
# `taler-deployment-arm -e` is skipped.
if taler-deployment-arm -I | grep "^taler-merchant" > /dev/null; then
  echo "Merchant backend runs already, please call 'taler-deployment-config-instances' manually"
  exit
fi

# Quickly start+shutdown a merchant process.
taler-deployment-arm -i taler-merchant
# Fixed grace period; a slower start is reported as a failure below.
sleep 2
taler-deployment-arm -I | grep "^taler-merchant.*status=started" > /dev/null || {
  echo "Merchant didn't start, cannot configure instances."
  exit 1
}

taler-deployment-config-instances
taler-deployment-arm -k taler-merchant
taler-deployment-arm -e