diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-06-20 14:59:39 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-06-20 14:59:39 +0200 |
commit | d825d724a5d3a9dd8436bc9ea4f383293326a078 (patch) | |
tree | 08325880989e8b38065295a2257b1e95a3ba92ec | |
parent | 14794a1a243236f76c45323bc5b178c4579e39c1 (diff) | |
download | docs-d825d724a5d3a9dd8436bc9ea4f383293326a078.tar.gz docs-d825d724a5d3a9dd8436bc9ea4f383293326a078.tar.bz2 docs-d825d724a5d3a9dd8436bc9ea4f383293326a078.zip |
-update man pages
43 files changed, 2230 insertions, 1168 deletions
diff --git a/man/libeufin-nexus.1 b/man/libeufin-nexus.1 new file mode 100644 index 00000000..f82ef7d0 --- /dev/null +++ b/man/libeufin-nexus.1 @@ -0,0 +1,174 @@ +.\" Man page generated from reStructuredText. +. +.TH "LIBEUFIN-NEXUS" "1" "Jun 20, 2022" "0.8" "GNU Taler" +.SH NAME +libeufin-nexus \- sevice to interface to various bank access APIs +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBlibeufin\-nexus\fP +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-\-version\fP] +COMMAND [ARGS...] +.sp +Commands: serve, superuser, parse\-camt, reset\-tables +.SH DESCRIPTION +.sp +\fBlibeufin\-nexus\fP is a program that provides a service to interface to +various bank access APIs, using JSON as the response format. +It maintains state in its own private database. +You interact with it through HTTP +requests either over the network or via a Unix domain socket. +Related program \fBlibeufin\-cli\fP is the preferred front end +for that mode of operation. +There is also a mode where \fBlibeufin\-nexus\fP accepts commands directly, +useful for doing administrative tasks. +.sp +Its options are as follows: +.INDENT 0.0 +.TP +\fB\-h\fP | \fB\-\-help\fP +Print short help on options. +.TP +\fB–version\fP +Print version information. +.UNINDENT +.sp +The interaction model is as follows: +.INDENT 0.0 +.IP \(bu 2 +Configure the nexus with command \fBsuperuser\fP\&. +.IP \(bu 2 +Start the HTTP server with command \fBserve\fP\&. +Let this run in a shell, writing logs to stderr. +.IP \(bu 2 +Interact with \fBlibeufin\-nexus\fP\&. +.IP \(bu 2 +When finished, interrupt the \fBserve\fP process and clean up with command +\fBreset\-tables\fP\&. +.UNINDENT +.sp +The following sections describe each command in detail. +.SS superuser +.sp +This command adds a superuser, or changes the password. +It takes argument \fBUSERNAME\fP\&. +Option \fB\-\-password TEXT\fP specifies the password. +If omitted, \fBlibeufin\-nexus\fP will query interactively for it. +.sp +For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ libeufin\-nexus superuser joe +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +This creates superuser \fBjoe\fP and interactively queries for the password. +.SS parse\-camt +.sp +This command parses a camt file and displays the result to stdout. +It takes argument \fBFILENAME\fP, which names a file in CAMT format. +Parsing may also display log information to stderr. +The normal log level is \fBDEBUG\fP\&. +To change it, use \fB\-\-log\-level LEVEL\fP, where \fBLEVEL\fP is one of: +\fBERROR\fP, \fBWARN\fP, \fBINFO\fP, \fBDEBUG\fP, \fBTRACE\fP\&. +.sp +For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ libeufin\-nexus parse\-camt camt53\-gls\-style\-0.xml +{ + "transactions" : [ { + "amount" : "EUR:2.35", + "creditDebitIndicator" : "DBIT", + ... + } ] +} +.ft P +.fi +.UNINDENT +.UNINDENT +.SS serve +.sp +This command starts the HTTP server, listening on port 5001. +To use a different port, use option \fB\-\-port INT\fP\&. +To listen, instead, on a Unix domain socket, +use option \fB\-\-with\-unix\-socket PATH\fP\&. +When both \fB\-\-port\fP and \fB\-\-with\-unix\-socket\fP are given, +\fB\-\-with\-unix\-socket\fP takes precedence. +.sp +The process runs in the foreground, writing its logs to standard error. +The normal log level is \fBDEBUG\fP\&. +To change it, use \fB\-\-log\-level LEVEL\fP, where \fBLEVEL\fP is one of: +\fBERROR\fP, \fBWARN\fP, \fBINFO\fP, \fBDEBUG\fP, \fBTRACE\fP\&. +.sp +Before invoking \fBserve\fP, the following environment variable needs to be set: +.INDENT 0.0 +.TP +.B \fBLIBEUFIN_NEXUS_DB_CONNECTION\fP +This specifies the database \fBlibeufin\-nexus\fP uses to maintain state. +Currently, both Sqlite and PostgreSQL are supported. +(Only one needs to be specified.) +Examples: +.INDENT 7.0 +.IP \(bu 2 +\fBjdbc:sqlite:/tmp/libeufin\-nexus.db\fP +.IP \(bu 2 +\fBjdbc:postgresql://localhost:5432/libeufindb?user=Foo&password=secret\fP +.UNINDENT +.UNINDENT +.sp +Normally, the \fBserve\fP command runs until interrupted. +When run in a shell, you can use \fBControl\-C\fP for that. +.SS reset\-tables +.sp +This command drops all the tables in the internal database. +(The next time the tables are needed, \fBlibeufin\-nexus\fP creates them +again, automatically.) +.sp +It should only be used when the nexus is quiescent. +.SH SEE ALSO +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.taler.net\fP or by sending electronic +mail to <\fI\%taler@gnu.org\fP>. +.SH AUTHOR +GNU Taler contributors +.SH COPYRIGHT +2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/man/libeufin-sandbox.1 b/man/libeufin-sandbox.1 new file mode 100644 index 00000000..d539c11f --- /dev/null +++ b/man/libeufin-sandbox.1 @@ -0,0 +1,243 @@ +.\" Man page generated from reStructuredText. +. +.TH "LIBEUFIN-SANDBOX" "1" "Jun 20, 2022" "0.8" "GNU Taler" +.SH NAME +libeufin-sandbox \- simulate core banking system with EBICS access to bank accounts +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBlibeufin\-sandbox\fP +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-\-version\fP] +COMMAND [ARGS...] +.sp +Commands: serve, reset\-tables, config, make\-transaction, camt053tick +default\-exchange +.SH DESCRIPTION +.sp +\fBlibeufin\-sandbox\fP is a program to simulate a banking system core +with EBICS access to bank accounts. +It maintains state in its own private database. +You interact with it through HTTP +requests either over the network or via a Unix domain socket. +Related program \fBlibeufin\-cli\fP is the preferred front end +for that mode of operation. +There is also a mode where \fBlibeufin\-sandbox\fP accepts commands directly, +useful for configuring one or more "demobank" (simulated bank) instances. +.sp +Its options are as follows: +.INDENT 0.0 +.TP +\fB\-h\fP | \fB\-\-help\fP +Print short help on options. +.TP +\fB–version\fP +Print version information. +.UNINDENT +.sp +The interaction model is as follows: +.INDENT 0.0 +.IP \(bu 2 +Configure the sandbox with commands \fBconfig\fP, \fBdefault\-exchange\fP, +\fBmake\-transaction\fP, and \fBcamt053tick\fP\&. +.IP \(bu 2 +Start the HTTP server with command \fBserve\fP\&. +Let this run in a shell, writing logs to stderr. +.IP \(bu 2 +Point program \fBlibeufin\-nexus\fP at the sandbox. +.IP \(bu 2 +Interact with \fBlibeufin\-nexus\fP\&. +.IP \(bu 2 +When finished, interrupt the \fBserve\fP process and clean up with command +\fBreset\-tables\fP\&. +.UNINDENT +.sp +The following sections describe each command in detail. +.SS config +.sp +This command takes argument \fBNAME\fP and creates a demobank with that name. +.sp +Option \fB\-\-currency CUR\fP (default: \fBEUR\fP) specifes another currency. +Option \fB\-\-bank\-debt\-limit N\fP (default: 1000000) specifies that +the bank debt limit should be N (units of currency). +Similarly, option \fB\-\-users\-debt\-limit N\fP (default: 1000) specifies +that the users debt limit should be N (units of currency). +.sp +For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ libeufin\-sandbox config default +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +This creates the demobank \fBdefault\fP with currency \fBEUR\fP, +bank debt limit 1000000, users debt limit 1000, +and allows registrations. +.SS default\-exchange +.sp +This command sets the exchange that a demobank will suggest to wallets. +(Wallets are of course free to disregard the suggestion and choose +another exchange.) +It requires two arguments, \fBEXCHANGE\-BASEURL\fP and \fBEXCHANGE\-PAYTO\fP\&. +The option \fB\-\-demobank NAME\fP (default: \fBdefault\fP) specifies +which demobank this setting affects. +.sp +For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ libeufin\-sandbox default\-exchange \e + \-\-demobank bank01 \e + https://exchange.example.com/ \e + payto://iban/CH9300762011623852957 +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +This sets the default exchange for demobank \fBbank01\fP\&. +It is an error if the demobank does not exist. +.SS make\-transaction +.sp +This is a "legacy" command, useful in a previous iteration of LibEuFin +and for internal testing. +It creates and records a wire transfer transaction in the database. +.sp +It takes two arguments and several required options. +The arguments are \fBAMOUNT\fP, in \fBCUR:X.Y\fP format; +and \fBSUBJECT\fP, a short textual description of the transaction. +The options are: \fB\-\-credit\-account LABEL\fP and \fB\-\-debit\-account LABEL\fP, +where each LABEL names a bank account for receiving and issuing, +respectively, the wire transfer. +The option \fB\-\-demobank NAME\fP (default: \fBdefault\fP) specifies +in which demobank the wire transfer occurs. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +If you have not yet called \fBconfig\fP, this command creates +a demobank named \fBdefault\fP on its first use. The currency, +and bank debt limit have the same defaults as for the \fBconfig\fP +command. The users debt limit, however, defaults to 10000. +.UNINDENT +.UNINDENT +.sp +FIXME: How to achieve the same result with \fBlibeufin\-cli\fP? +.SS camt053tick +.sp +This command advances the internal time step that the demobank +uses to group transactions for reporting. +(Successive transactions will be inserted in a new Camt.053 report.) +.sp +For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +$ libeufin\-sandbox camt053tick +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +FIXME: How to achieve the same result with \fBlibeufin\-cli\fP? +.SS serve +.sp +This command starts the HTTP server, listening on port 5000. +To use a different port, use option \fB\-\-port INT\fP\&. +To listen, instead, on a Unix domain socket, +use option \fB\-\-with\-unix\-socket PATH\fP\&. +When both \fB\-\-port\fP and \fB\-\-with\-unix\-socket\fP are given, +\fB\-\-with\-unix\-socket\fP takes precedence. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +If you have not yet called \fBconfig\fP, this command creates +a demobank named \fBdefault\fP on its first use. The currency, +and bank debt limit have the same defaults as for the \fBconfig\fP +command. The users debt limit, however, defaults to 10000. +.UNINDENT +.UNINDENT +.sp +The process runs in the foreground, writing its logs to standard error. +The normal log level is \fBDEBUG\fP\&. +To change it, use \fB\-\-log\-level LEVEL\fP, where \fBLEVEL\fP is one of: +\fBERROR\fP, \fBWARN\fP, \fBINFO\fP, \fBDEBUG\fP, \fBTRACE\fP\&. +.sp +Before invoking \fBserve\fP, the following environment variables need to be set: +.INDENT 0.0 +.TP +.B \fBLIBEUFIN_SANDBOX_ADMIN_PASSWORD\fP +The password required for later use by \fBlibeufin\-cli\fP\&. +For testing purposes, you can use option \fB\-\-no\-auth\fP to disable +this requirement. +(In that case, this environment variable need not be set.) +.TP +.B \fBLIBEUFIN_SANDBOX_DB_CONNECTION\fP +This specifies the database \fBlibeufin\-sandbox\fP uses to maintain state. +Currently, both Sqlite and PostgreSQL are supported. +(Only one needs to be specified.) +Examples: +.INDENT 7.0 +.IP \(bu 2 +\fBjdbc:sqlite:/tmp/libeufin\-sandbox.db\fP +.IP \(bu 2 +\fBjdbc:postgresql://localhost:5432/libeufindb?user=Foo&password=secret\fP +.UNINDENT +.UNINDENT +.sp +Normally, the \fBserve\fP command runs until interrupted. +When run in a shell, you can use \fBControl\-C\fP for that. +.SS reset\-tables +.sp +This command drops all the tables in the internal database. +(The next time the tables are needed, \fBlibeufin\-sandbox\fP creates them +again, automatically.) +.sp +It should only be used when the sandbox is quiescent. +.SH SEE ALSO +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.taler.net\fP or by sending electronic +mail to <\fI\%taler@gnu.org\fP>. +.SH AUTHOR +GNU Taler contributors +.SH COPYRIGHT +2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/man/sync-config.1 b/man/sync-config.1 index 6d234ba7..10e0d3e4 100644 --- a/man/sync-config.1 +++ b/man/sync-config.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SYNC-CONFIG" "1" "Dec 23, 2021" "0.8" "GNU Taler" +.TH "SYNC-CONFIG" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME sync-config \- manipulate Sync configuration files . @@ -54,7 +54,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] \fB\-b\fP \fIBACKEND\fP | \fB\-\-supported\-backend=\fP\fIBACKEND\fP Tests whether the specified \fIBACKEND\fP is supported by the current installation. The backend must match the name of a plugin, i.e. "namestore_postgres" for -the Postgres database backend of the "NAMESTORE" service. If \fIBACKEND\fP is +the PostgreSQL database backend of the "NAMESTORE" service. If \fIBACKEND\fP is supported, sync\-config will return a status code of 0 (success), otherwise 77 (unsupported). When this option is specified, no other options may be specified. Specifying this option together with other options will cause diff --git a/man/sync-dbinit.1 b/man/sync-dbinit.1 index 85dc55e6..2964e5aa 100644 --- a/man/sync-dbinit.1 +++ b/man/sync-dbinit.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SYNC-DBINIT" "1" "Dec 23, 2021" "0.8" "GNU Taler" +.TH "SYNC-DBINIT" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME sync-dbinit \- initialize the Sync database . diff --git a/man/sync-httpd.1 b/man/sync-httpd.1 index cd73bc42..9f2955ce 100644 --- a/man/sync-httpd.1 +++ b/man/sync-httpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SYNC-HTTPD" "1" "Dec 23, 2021" "0.8" "GNU Taler" +.TH "SYNC-HTTPD" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME sync-httpd \- provide the Sync HTTP interface . diff --git a/man/sync.conf.5 b/man/sync.conf.5 index 61d856a1..b4474ff9 100644 --- a/man/sync.conf.5 +++ b/man/sync.conf.5 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SYNC.CONF" "5" "Dec 23, 2021" "0.8" "GNU Taler" +.TH "SYNC.CONF" "5" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME sync.conf \- Sync configuration file . diff --git a/man/taler-auditor-dbinit.1 b/man/taler-auditor-dbinit.1 index bb34c9f3..0d46cf8f 100644 --- a/man/taler-auditor-dbinit.1 +++ b/man/taler-auditor-dbinit.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR-DBINIT" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR-DBINIT" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor-dbinit \- setup auditor database . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\-dbinit\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-g\fP\ |\ \fB–gc\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-R\fP\ |\ \fB–reset\fP] -[\fB\-r\fP\ |\ \fB–restart\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-g\fP\ |\ \fB\-\-gc\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-R\fP\ |\ \fB\-\-reset\fP] +[\fB\-r\fP\ |\ \fB\-\-restart\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-dbinit\fP is a command\-line tool to initialize the Taler @@ -50,32 +50,32 @@ Taler exchange to operate. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-g\fP | \fB–gc\fP +\fB\-g\fP | \fB\-\-gc\fP Garbage collect database. Deletes all unnecessary data in the database. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-R\fP | \fB–reset\fP +\fB\-R\fP | \fB\-\-reset\fP Drop tables. Dangerous, will delete all existing data in the database. .TP -\fB\-r\fP | \fB–restart\fP +\fB\-r\fP | \fB\-\-restart\fP Restart all auditors from the beginning. Useful for testing. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-auditor-exchange.1 b/man/taler-auditor-exchange.1 index c3923c05..e00fef75 100644 --- a/man/taler-auditor-exchange.1 +++ b/man/taler-auditor-exchange.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR-EXCHANGE" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR-EXCHANGE" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor-exchange \- add or remove exchange from auditor’s list . @@ -33,12 +33,12 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\-exchange\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-m\fP\ \fIMASTERKEY\fP\ |\ \fB–exchange\-key=\fP\fIMASTERKEY\fP] -[\fB\-r\fP\ |\ \fB–remove\fP] -[\fB\-u\fP\ \fIEXCHANGE_URL\fP\ |\ \fB–auditor\-url=\fP\fIEXCHANGE_URL\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-m\fP\ \fIMASTERKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIMASTERKEY\fP] +[\fB\-r\fP\ |\ \fB\-\-remove\fP] +[\fB\-u\fP\ \fIEXCHANGE_URL\fP\ |\ \fB\-\-auditor\-url=\fP\fIEXCHANGE_URL\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-auditor\-exchange\fP is a command\-line tool to be used by an @@ -49,27 +49,27 @@ taler\-auditor or taler\-wire\-auditor. Afterwards the exchange will be visible via the /exchanges API of the taler\-auditor\-httpd. .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-m\fP \fIMASTERKEY\fP | \fB–exchange\-key=\fP\fIMASTERKEY\fP +\fB\-m\fP \fIMASTERKEY\fP | \fB\-\-exchange\-key=\fP\fIMASTERKEY\fP Public key of the exchange in Crockford base32 encoding, for example as generated by \fBtaler\-auditor\-offline setup\fP\&. .TP -\fB\-r\fP | \fB–remove\fP +\fB\-r\fP | \fB\-\-remove\fP Instead of adding the exchange, remove it. Note that this will drop ALL data associated with that exchange, including existing auditing information. So use with extreme care! .TP -\fB\-u\fP \fIEXCHANGE_URL\fP | \fB–auditor\-url=\fP\fIEXCHANGE_URL\fP +\fB\-u\fP \fIEXCHANGE_URL\fP | \fB\-\-auditor\-url=\fP\fIEXCHANGE_URL\fP URL of the exchange. The exchange’s HTTP API must be available at this address. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH DIAGNOSTICS diff --git a/man/taler-auditor-httpd.1 b/man/taler-auditor-httpd.1 index e9c955ad..428c605f 100644 --- a/man/taler-auditor-httpd.1 +++ b/man/taler-auditor-httpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR-HTTPD" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR-HTTPD" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor-httpd \- HTTP server providing a RESTful API to access a Taler auditor . @@ -33,13 +33,13 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\-httpd\fP -[\fB\-C\fP\ |\ \fB–connection\-close\fP] -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-t\fP\ \fISECONDS\fP\ |\ \fB–timeout\fP\fISECONDS\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-C\fP\ |\ \fB\-\-connection\-close\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-t\fP\ \fISECONDS\fP\ |\ \fB\-\-timeout\fP\fISECONDS\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-auditor\-httpd\fP is a command\-line tool to run the Taler auditor @@ -48,30 +48,30 @@ before running this command. .SH OPTIONS .INDENT 0.0 .TP -\fB\-C\fP | \fB–connection\-close\fP +\fB\-C\fP | \fB\-\-connection\-close\fP Force each HTTP connection to be closed after each request (useful in combination with \-f to avoid having to wait for nc to time out). .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from FILENAME. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-t\fP \fISECONDS\fP | \fB–timeout=\fP\fISECONDS\fP +\fB\-t\fP \fISECONDS\fP | \fB\-\-timeout=\fP\fISECONDS\fP Specifies the number of \fISECONDS\fP after which the HTTPD should close (idle) HTTP connections. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SIGNALS diff --git a/man/taler-auditor-offline.1 b/man/taler-auditor-offline.1 index eff88afc..60372ec1 100644 --- a/man/taler-auditor-offline.1 +++ b/man/taler-auditor-offline.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR-OFFLINE" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR-OFFLINE" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor-offline \- Taler auditor certifies that it audits a Taler exchange . @@ -33,21 +33,21 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\-offline\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-v\fP\ |\ \fB–version\fP] -[subcommand …] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +[subcommand ...] .SH DESCRIPTION .sp \fBtaler\-auditor\-offline\fP is a command\-line tool to be used by an auditor to -sign that he is aware of certain keys being used by a exchange. Using this +sign that he is aware of certain keys being used by an exchange. Using this signature, the auditor affirms that he will verify that the exchange is properly accounting for coins of those denominations. The tool takes a list of subcommands as arguments which are then processed sequentially. .sp -The tool includes two subcommands to interact \fIonline\fP with the exchange’s +The tool includes two subcommands to interact \fIonline\fP with the exchange\(aqs REST APIs. The \fBdownload\fP subcommand downloads current public keys from the running exchange. Note that this only includes keys that the exchange operator has previously validated using the \fBtaler\-exchange\-offline\fP tool. @@ -55,10 +55,10 @@ The resulting data serves as input to the \fBsign\fP and \fBshow\fP subcommands. .sp The \fBupload\fP subcommand uploads the signatures created with the private key to the exchange. It handles the output of all subcommands (except \fBdownload\fP). -The \fBdownload\fP and \fBupload\fP subcommands must naturally be run “online” and do not -require access to the auditor’s private key, which should be kept offline. +The \fBdownload\fP and \fBupload\fP subcommands must naturally be run "online" and do not +require access to the auditor\(aqs private key, which should be kept offline. .sp -All other subcommands are intended to be run “offline”. However, especially +All other subcommands are intended to be run "offline". However, especially when testing, it is of course possible to run the subcommands online as well. Generally, subcommands read inputs (beyond command\-line arguments) from \fBstdin\fP\&. However, they may also consume outputs of previous @@ -68,28 +68,28 @@ and if not consumed the final output is printed to \fBstdout\fP\&. The general options for \fBtaler\-auditor\-offline\fP are: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH CONFIGURATION .sp The exchange and the \fBtaler\-auditor\-httpd\fP must both be provided with -the auditor’s public key, such that they can validate messages signed -by the auditor. To obtain the auditor’s public key, use: +the auditor\(aqs public key, such that they can validate messages signed +by the auditor. To obtain the auditor\(aqs public key, use: .INDENT 0.0 .INDENT 3.5 .sp @@ -102,13 +102,13 @@ $ taler\-auditor\-offline setup .UNINDENT .sp Note that if the private key file already exists, the above will simply output -the existing key. Passing additional arguments after setup (including “\-“) +the existing key. Passing additional arguments after setup (including "\-") will cause the output to be encapsulated in JSON. .sp Relevant configuration options for \fBtaler\-auditor\-offline\fP are: .INDENT 0.0 .IP \(bu 2 -\fB[auditor/AUDITOR_PRIV_FILE]\fP — where to store the private key +\fB[auditor/AUDITOR_PRIV_FILE]\fP \-\-\- where to store the private key .UNINDENT .SH SUBCOMMANDS .SS setup diff --git a/man/taler-auditor-sync.1 b/man/taler-auditor-sync.1 index a686976a..9710f270 100644 --- a/man/taler-auditor-sync.1 +++ b/man/taler-auditor-sync.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR-SYNC" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR-SYNC" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor-sync \- tool to safely synchronize auditor database . @@ -33,17 +33,17 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\-sync\fP -[\fB\-s\fP\ \fIFILENAME\fP\ |\ \fB–source\-configuration=\fP\fIFILENAME\fP] -[\fB\-d\fP\ \fIFILENAME\fP\ |\ \fB–destination\-configuration=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-b\fP\ \fISIZE\fP\ |\ \fB–batch=\fP\fISIZE\fP] -[\fB\-t\fP\ |\ \fB–terminate\-when\-synchronized\fP] -[\fB\-v\fP\ |\ \fB–version\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] +[\fB\-s\fP\ \fIFILENAME\fP\ |\ \fB\-\-source\-configuration=\fP\fIFILENAME\fP] +[\fB\-d\fP\ \fIFILENAME\fP\ |\ \fB\-\-destination\-configuration=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-b\fP\ \fISIZE\fP\ |\ \fB\-\-batch=\fP\fISIZE\fP] +[\fB\-t\fP\ |\ \fB\-\-terminate\-when\-synchronized\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] .SH DESCRIPTION .sp \fBtaler\-auditor\-sync\fP is a command\-line tool to synchronize the -Taler auditor’s database in a safe way from a Taler exchange +Taler auditor\(aqs database in a safe way from a Taler exchange database. If the exchange database violates the assumed database invariants (as expressed by database constraints) or attempts to DELETE or UPDATE tables (at least those that the auditor relies @@ -53,31 +53,31 @@ and instead halt with an error. Its options are as follows: .INDENT 0.0 .TP -\fB\-s\fP \fIFILENAME\fP | \fB–source\-configuration=\fP\fIFILENAME\fP +\fB\-s\fP \fIFILENAME\fP | \fB\-\-source\-configuration=\fP\fIFILENAME\fP Use the configuration in \fIFILENAME\fP to access the original (source) exchange database to copy records from. .TP -\fB\-d\fP \fIFILENAME\fP | \fB–destination\-configuration=\fP\fIFILENAME\fP +\fB\-d\fP \fIFILENAME\fP | \fB\-\-destination\-configuration=\fP\fIFILENAME\fP Use the configuration in \fIFILENAME\fP to access the target (destination) exchange database to copy records to. .TP -\fB\-t\fP | \fB–terminate\-when\-synchronized\fP +\fB\-t\fP | \fB\-\-terminate\-when\-synchronized\fP The program should exit once the two databases are in sync, instead of continuously copying more records when the source database is updated. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-b\fP \fISIZE\fP | \fB–batch=\fP\fISIZE\fP +\fB\-b\fP \fISIZE\fP | \fB\-\-batch=\fP\fISIZE\fP Target number of records to copy in one transaction. Once the databases are in sync, the batch size is used to determine how long the process sleeps before trying to again synchronize the two databases. Not useful if \fB\-t\fP is used. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-auditor.1 b/man/taler-auditor.1 index 63d5853b..c1bc8a99 100644 --- a/man/taler-auditor.1 +++ b/man/taler-auditor.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-AUDITOR" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-AUDITOR" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-auditor \- audit exchange . @@ -33,14 +33,15 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-auditor\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-i**_|_\fP–internal**] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIMASTER_KEY\fP\ |\ \fB–exchange\-key=\fP\fIMASTER_KEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-i**_|_\fP\-\-internal**] +[\fB\-I**_|_\fP\-\-ignore\-not\-found**] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIMASTER_KEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIMASTER_KEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-auditor\fP is a command\-line tool to be used by an auditor to @@ -54,36 +55,40 @@ incoming and outgoing wire transfers that the bank claims to have matches the exchange’s database. Its options are as follows. .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Run additional checks that can only performed on the exchange\-internal -database and not the “safe” replicated database at the auditor. +database and not the "safe" replicated database at the auditor. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-I\fP | \fB\-\-ignore\-not\-found\fP +Do not fail if the bank says that the exchange bank account does not (yet) exist. +Keep trying. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Public master key of the exchange in Crockford base32 encoding, for example as generated by \fBtaler\-auditor\-offline setup\fP\&. If this option is missing, taler\-auditor will use the MASTER_PUBLIC_KEY value from the “exchange” section of the configuration. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-config.1 b/man/taler-config.1 index a98c9817..83aaa96b 100644 --- a/man/taler-config.1 +++ b/man/taler-config.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-CONFIG" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-CONFIG" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-config \- Taler configuration inspection and editing . @@ -33,69 +33,69 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-config\fP -[\fB\-b\fP\ \fIbackend\fP\ |\ \fB–supported\-backend=\fP\fIbackend\fP] -[\fB\-c\fP\ \fIfilename\fP\ |\ \fB–config=\fP\fIfilename\fP] -[\fB\-f\fP\ |\ \fB–filename\fP] -[\fB\-F\fP\ |\ \fB–full\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fIloglevel\fP\ |\ \fB–loglevel=\fP\fIloglevel\fP] -[\fB\-l\fP\ \fIfilename\fP\ |\ \fB–logfile=\fP\fIfilename\fP] -[\fB\-o\fP\ \fIoption\fP\ |\ \fB–option=\fP\fIoption\fP] -[\fB\-r\fP\ |\ \fB–rewrite\fP] -[\fB\-S\fP\ |\ \fB–list\-sections\fP] -[\fB\-s\fP\ \fIsection\fP\ |\ \fB–section=\fP\fIsection\fP] -[\fB\-V\fP\ \fIvalue\fP\ |\ \fB–value=\fP\fIvalue\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-b\fP\ \fIbackend\fP\ |\ \fB\-\-supported\-backend=\fP\fIbackend\fP] +[\fB\-c\fP\ \fIfilename\fP\ |\ \fB\-\-config=\fP\fIfilename\fP] +[\fB\-f\fP\ |\ \fB\-\-filename\fP] +[\fB\-F\fP\ |\ \fB\-\-full\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fIloglevel\fP\ |\ \fB\-\-loglevel=\fP\fIloglevel\fP] +[\fB\-l\fP\ \fIfilename\fP\ |\ \fB\-\-logfile=\fP\fIfilename\fP] +[\fB\-o\fP\ \fIoption\fP\ |\ \fB\-\-option=\fP\fIoption\fP] +[\fB\-r\fP\ |\ \fB\-\-rewrite\fP] +[\fB\-S\fP\ |\ \fB\-\-list\-sections\fP] +[\fB\-s\fP\ \fIsection\fP\ |\ \fB\-\-section=\fP\fIsection\fP] +[\fB\-V\fP\ \fIvalue\fP\ |\ \fB\-\-value=\fP\fIvalue\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-config\fP can be used to read or modify GNU Taler configuration files. .INDENT 0.0 .TP -\fB\-b\fP \fIBACKEND\fP | \fB–supported\-backend=\fP\fIBACKEND\fP +\fB\-b\fP \fIBACKEND\fP | \fB\-\-supported\-backend=\fP\fIBACKEND\fP Tests whether the specified \fIBACKEND\fP is supported by the current installation. -The backend must match the name of a plugin, i.e. “namestore_postgres” for -the Postgres database backend of the “NAMESTORE” service. If \fIBACKEND\fP is +The backend must match the name of a plugin, i.e. "namestore_postgres" for +the PostgreSQL database backend of the "NAMESTORE" service. If \fIBACKEND\fP is supported, taler\-config will return a status code of 0 (success), otherwise 77 (unsupported). When this option is specified, no other options may be specified. Specifying this option together with other options will cause taler\-config to return a status code of 1 (error). .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration file \fIFILENAME\fP\&. .TP -\fB\-f\fP | \fB–filename\fP +\fB\-f\fP | \fB\-\-filename\fP Try to perform expansions as if the option values represent filenames (will also be applied even if the option is not really a filename). .TP -\fB\-F\fP | \fB–full\fP +\fB\-F\fP | \fB\-\-full\fP Write the full configuration file, not just the differences to the defaults. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Use \fILOGLEVEL\fP for logging. Valid values are \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, and \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-o\fP \fIOPTION\fP | \fB–option=\fP\fIOPTION\fP +\fB\-o\fP \fIOPTION\fP | \fB\-\-option=\fP\fIOPTION\fP Which configuration option should be accessed or edited. Required to set a value. If not given, all values of a given section will be printed in the -format “OPTION = VALUE”. +format "OPTION = VALUE". .TP -\fB\-r\fP | \fB–rewrite\fP +\fB\-r\fP | \fB\-\-rewrite\fP Write the configuration file even if nothing changed. Will remove all comments! .TP -\fB\-S\fP | \fB–list\-sections\fP +\fB\-S\fP | \fB\-\-list\-sections\fP List available configuration sections for use with \fB\-\-section\fP\&. .TP -\fB\-s\fP \fISECTION\fP | \fB–section=\fP\fISECTION\fP +\fB\-s\fP \fISECTION\fP | \fB\-\-section=\fP\fISECTION\fP Which configuration section should be accessed or edited. Required option. .TP -\fB\-V\fP \fIVALUE\fP | \fB–value=\fP\fIVALUE\fP +\fB\-V\fP \fIVALUE\fP | \fB\-\-value=\fP\fIVALUE\fP Configuration value to store in the given section under the given option. Must only be given together with \fB\-s\fP and \fB\-o\fP options. .INDENT 7.0 @@ -105,7 +105,7 @@ Changing the configuration file with \fB\-V\fP will remove comments and may reorder sections and remove \fB@INLINE@\fP directives. .UNINDENT .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print GNU Taler version number. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-aggregator.1 b/man/taler-exchange-aggregator.1 index 5417b93b..fa9180bc 100644 --- a/man/taler-exchange-aggregator.1 +++ b/man/taler-exchange-aggregator.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-AGGREGATOR" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-AGGREGATOR" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-aggregator \- aggregate deposits into wire transfers . @@ -33,44 +33,52 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-aggregator\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel\fP\fIUSEC\fP] -[\fB\-t\fP\ |\ \fB–test\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel\fP\fIUSEC\fP] +[\fB\-t\fP\ |\ \fB\-\-test\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +[\fB\-y**_|_\fP\-\-kyc\-off**] .SH DESCRIPTION .sp \fBtaler\-exchange\-aggregator\fP is a command\-line tool to run aggregate deposits to the same merchant into larger wire transfers. The actual transfers are then done by \fBtaler\-exchange\-transfer\fP\&. +.sp +The AGGREGATOR_SHARD_SIZE option can be used to allow multiple aggregator processes to run in parallel and share the load. This is only recommended if a single aggregator is insufficient for the workload. +.sp +The aggregator uses a special table to lock shards it is working on. If an aggregator process dies (say due to a power failure), these shard locks may prevent the aggregator from resuming normally. In this case, you must run "taler\-exchange\-dbinit \-s" to release the shard locks before restarting the aggregator. .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP | \fB–test\fP +\fB\-t\fP | \fB\-\-test\fP Run in test mode and exit when idle. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. +.TP +\fB\-y\fP | \fB\-\-kyc\-off\fP +Run without KYC checks. Talk with your regulator before using this option. .UNINDENT .SH SEE ALSO .sp diff --git a/man/taler-exchange-benchmark.1 b/man/taler-exchange-benchmark.1 index 55dc9586..f3efc378 100644 --- a/man/taler-exchange-benchmark.1 +++ b/man/taler-exchange-benchmark.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-BENCHMARK" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-BENCHMARK" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-benchmark \- measure exchange performance . @@ -33,19 +33,19 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-benchmark\fP -[\fB\-c\fP\ \fICONFIG_FILENAME\fP\ |\ \fB–config=\fP\fICONFIG_FILENAME\fP] -[\fB\-F\fP\ |\ \fB–reserves\-first\fP] -[\fB\-f\fP\ |\ \fB–fakebank\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-K\fP\ |\ \fB–linger\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–log\-level=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIMODE\fP\ |\ \fB–mode=\fP\fIMODE\fP] -[\fB\-n\fP\ \fIHOWMANY_COINS\fP\ |\ \fB–coins\-number=\fP\fIHOWMANY_COINS\fP] -[\fB\-p\fP\ \fINPROCS\fP\ |\ \fB–parallelism=\fP\fINPROCS\fP] -[\fB\-R\fP\ \fIRATE\fP\ |\ \fB–refresh\-rate=\fP\fIRATE\fP] -[\fB\-r\fP\ \fIN\fP\ |\ \fB–reserves=\fP\fIN\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fICONFIG_FILENAME\fP\ |\ \fB\-\-config=\fP\fICONFIG_FILENAME\fP] +[\fB\-F\fP\ |\ \fB\-\-reserves\-first\fP] +[\fB\-f\fP\ |\ \fB\-\-fakebank\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-K\fP\ |\ \fB\-\-linger\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-log\-level=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIMODE\fP\ |\ \fB\-\-mode=\fP\fIMODE\fP] +[\fB\-n\fP\ \fIHOWMANY_COINS\fP\ |\ \fB\-\-coins\-number=\fP\fIHOWMANY_COINS\fP] +[\fB\-p\fP\ \fINPROCS\fP\ |\ \fB\-\-parallelism=\fP\fINPROCS\fP] +[\fB\-R\fP\ \fIRATE\fP\ |\ \fB\-\-refresh\-rate=\fP\fIRATE\fP] +[\fB\-r\fP\ \fIN\fP\ |\ \fB\-\-reserves=\fP\fIN\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-benchmark\fP is a command\-line tool to measure the time @@ -56,50 +56,50 @@ Nginx. Moreover, the benchmark runs on a “volatile” database, that means that table are always erased during a single benchmark run. .INDENT 0.0 .TP -\fB\-c\fP \fICONFIG_FILENAME\fP | \fB–config=\fP\fICONFIG_FILENAME\fP +\fB\-c\fP \fICONFIG_FILENAME\fP | \fB\-\-config=\fP\fICONFIG_FILENAME\fP (Mandatory) Use CONFIG_FILENAME. .TP -\fB\-F\fP | \fB–reserves\-first\fP +\fB\-F\fP | \fB\-\-reserves\-first\fP Create all reserves first, before starting normal operations. .TP -\fB\-f\fP | \fB–fakebank\fP +\fB\-f\fP | \fB\-\-fakebank\fP Launch a fakebank instead of the Python bank. Only meaningful if the mode is to launch more than just a client. Note that using the fakebank will cause the benchmark application to reset all databases as the fakebank is stateless and thus previous database state would inherently cause trouble. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Prints a compiled\-in help text. .TP -\fB\-K\fP | \fB–linger\fP +\fB\-K\fP | \fB\-\-linger\fP Linger around until keypress after the benchmark is done. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–log\-level=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-log\-level=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIMODE\fP | \fB–mode=\fP\fIMODE\fP +\fB\-m\fP \fIMODE\fP | \fB\-\-mode=\fP\fIMODE\fP Mode of operation. Accepted values are: \fBexchange\fP, \fBclients\fP, \fBboth\fP\&. .TP -\fB\-n\fP \fIHOWMANY_COINS\fP | \fB–coins\-number=\fP\fIHOWMANY_COINS\fP +\fB\-n\fP \fIHOWMANY_COINS\fP | \fB\-\-coins\-number=\fP\fIHOWMANY_COINS\fP Defaults to 1. Specifies how many coins this benchmark should withdraw and spend. After being spent, each coin will be refreshed with a probability RATE (see option \fB\-\-refresh\-rate\fP). .TP -\fB\-p\fP \fINPROCS\fP | \fB–parallelism=\fP\fINPROCS\fP +\fB\-p\fP \fINPROCS\fP | \fB\-\-parallelism=\fP\fINPROCS\fP Run with \fINPROCS\fP client processes. .TP -\fB\-R\fP \fIRATE\fP | \fB–refresh\-rate=\fP\fIRATE\fP +\fB\-R\fP \fIRATE\fP | \fB\-\-refresh\-rate=\fP\fIRATE\fP Defaults to 10. Probability of refresh per coin (0\-100). .TP -\fB\-r\fP \fIN\fP | \fB–reserves=\fP\fIN\fP +\fB\-r\fP \fIN\fP | \fB\-\-reserves=\fP\fIN\fP Create \fIN\fP reserves per client. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-closer.1 b/man/taler-exchange-closer.1 index bac9e75e..551dc7bc 100644 --- a/man/taler-exchange-closer.1 +++ b/man/taler-exchange-closer.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-CLOSER" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-CLOSER" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-closer \- close idle reserves . @@ -33,13 +33,13 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-closer\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-t\fP\ |\ \fB–test\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ |\ \fB\-\-test\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-closer\fP is a command\-line tool to run close @@ -47,29 +47,29 @@ reserves that have been idle for too long, causing transfers to the originating bank account to be scheduled. .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP | \fB–test\fP +\fB\-t\fP | \fB\-\-test\fP Run in test mode and exit when idle. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-dbinit.1 b/man/taler-exchange-dbinit.1 index 55b53573..c80e6b40 100644 --- a/man/taler-exchange-dbinit.1 +++ b/man/taler-exchange-dbinit.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-DBINIT" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-DBINIT" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-dbinit \- initialize Taler exchange database . @@ -33,13 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-dbinit\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-g\fP\ |\ \fB–gc\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-r\fP\ |\ \fB–reset\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-g\fP\ |\ \fB\-\-gc\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-r\fP\ |\ \fB\-\-reset\fP] +[\fB\-s\fP\ |\ \fB\-\-shardunlock\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-dbinit\fP is a command\-line tool to initialize the Taler @@ -49,28 +50,31 @@ Taler exchange to operate. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-g\fP | \fB–gc\fP +\fB\-g\fP | \fB\-\-gc\fP Garbage collect database. Deletes all unnecessary data in the database. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-r\fP | \fB–reset\fP +\fB\-r\fP | \fB\-\-reset\fP Drop tables. Dangerous, will delete all existing data in the database before creating the tables. .TP +\fB\-s\fP | \fB\-\-shardunlock\fP +Clears the (revolving) shards table. Needed to clear locks that may be held after a crash (of taler\-exchange\-aggregator or the operating system, say due to power outage) or if the AGGREGATOR_SHARD_SIZE option is changed in the configuration file. +.TP \fB\-v\fP | \fB–version\fP Print version information. .UNINDENT diff --git a/man/taler-exchange-expire.1 b/man/taler-exchange-expire.1 new file mode 100644 index 00000000..3a539ca6 --- /dev/null +++ b/man/taler-exchange-expire.1 @@ -0,0 +1,88 @@ +.\" Man page generated from reStructuredText. +. +.TH "TALER-EXCHANGE-EXPIRE" "1" "Jun 20, 2022" "0.8" "GNU Taler" +.SH NAME +taler-exchange-expire \- refund expired purses +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBtaler\-exchange\-expire\fP +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ |\ \fB\-\-test\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +.SH DESCRIPTION +.sp +\fBtaler\-exchange\-expire\fP is a command\-line tool to run refund +money in purses that were not merged before their expiration time. +This allows the wallet to recover the funds deposited into the +purse using a refresh operation. +.INDENT 0.0 +.TP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP +Use the configuration and other resources for the exchange to operate +from \fIFILENAME\fP\&. +.TP +\fB\-h\fP | \fB\-\-help\fP +Print short help on options. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP +Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, +\fBWARNING\fP, \fBERROR\fP\&. +.TP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP +Send logging output to \fIFILENAME\fP\&. +.TP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP +Modify the system time by \fIUSEC\fP microseconds. +\fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). +This option is intended for debugging/testing only. +.TP +\fB\-t\fP | \fB\-\-test\fP +Run in test mode and exit when idle. +.TP +\fB\-v\fP | \fB\-\-version\fP +Print version information. +.UNINDENT +.SH SEE ALSO +.sp +taler\-exchange\-router(1), taler\-exchange\-httpd(1), taler.conf(5). +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.taler.net/\fP or by sending electronic +mail to <\fI\%taler@gnu.org\fP>. +.SH AUTHOR +GNU Taler contributors +.SH COPYRIGHT +2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/man/taler-exchange-httpd.1 b/man/taler-exchange-httpd.1 index 6f6a9722..d9c86a3e 100644 --- a/man/taler-exchange-httpd.1 +++ b/man/taler-exchange-httpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-HTTPD" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-HTTPD" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-httpd \- run Taler exchange (with RESTful API) . @@ -33,17 +33,18 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-httpd\fP -[\fB\-a\fP\ |\ \fB–allow\-timetravel\fP] -[\fB\-C\fP\ |\ \fB–connection\-close\fP] -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-f\fP\ \fIFILENAME\fP\ |\ \fB–file\-input=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-n\fP\ \fIN\fP\ |\ \fB–num\-threads=\fP\fIN\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-t\fP\ \fISECONDS\fP\ |\ \fB–timeout=\fP\fISECONDS\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-a\fP\ |\ \fB\-\-allow\-timetravel\fP] +[\fB\-C\fP\ |\ \fB\-\-connection\-close\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-f\fP\ \fIFILENAME\fP\ |\ \fB\-\-file\-input=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-n\fP\ \fIN\fP\ |\ \fB\-\-num\-threads=\fP\fIN\fP] +[\fB\-r**|\fP\-\-allow\-reuse\-address**] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ \fISECONDS\fP\ |\ \fB\-\-timeout=\fP\fISECONDS\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-httpd\fP is a command\-line tool to run the Taler @@ -53,24 +54,24 @@ must exist before running this command. Its options are as follows: .INDENT 0.0 .TP -\fB\-a\fP | \fB–allow\-timetravel\fP +\fB\-a\fP | \fB\-\-allow\-timetravel\fP Allow clients to request /keys for arbitrary timestamps. This should only be enabled for testing and development, as clients could abuse this in denial of service attacks, as it makes the /keys response generation much more expensive. .TP -\fB\-C\fP | \fB–connection\-close\fP +\fB\-C\fP | \fB\-\-connection\-close\fP Force each HTTP connection to be closed after each request (useful in combination with \fB\-f\fP to avoid having to wait for netcat (nc) to time out). .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from FILENAME. .TP -\fB\-f\fP \fIFILENAME\fP | \fB–file\-input=\fP\fIFILENAME\fP +\fB\-f\fP \fIFILENAME\fP | \fB\-\-file\-input=\fP\fIFILENAME\fP This option is only available if the exchange was compiled with the -configure option –enable\-developer\-mode. It is used for generating +configure option \-\-enable\-developer\-mode. It is used for generating test cases against the exchange using AFL. When this option is present, the HTTP server will .INDENT 7.0 @@ -88,29 +89,31 @@ input from an HTTP client and then immediately exit. This is useful to test taler\-exchange\-httpd against many different possible inputs in a controlled way. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-n\fP \fIN\fP | \fB–num\-threads=\fP\fIN\fP -Use \fIN\fP threads in the thread pool. +\fB\-r\fP | \fB\-\-allow\-reuse\-address\fP +Allow the exchange to re\-use the listen port even if another service +is already using it. Useful if multiple processes are used to increase +processing capacity. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP \fISECONDS\fP | \fB–timeout=\fP\fISECONDS\fP +\fB\-t\fP \fISECONDS\fP | \fB\-\-timeout=\fP\fISECONDS\fP Specifies the number of SECONDS after which the HTTPD should close (idle) HTTP connections. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SIGNALS diff --git a/man/taler-exchange-offline.1 b/man/taler-exchange-offline.1 index db10b00e..420b0d08 100644 --- a/man/taler-exchange-offline.1 +++ b/man/taler-exchange-offline.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-OFFLINE" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-OFFLINE" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-offline \- operations using the offline key of a Taler exchange . @@ -33,21 +33,21 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-offline\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-v\fP\ |\ \fB–version\fP] -[subcommand …] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +[subcommand ...] .SH DESCRIPTION .sp \fBtaler\-exchange\-offline\fP is a command\-line tool to interact with the Taler -exchange’s master private key. Most operations of this tool require access to +exchange\(aqs master private key. Most operations of this tool require access to the exchange’s long\-term offline signing key and should be run in a secure (offline) environment under strict controls. The tool takes a list of subcommands as arguments which are then processed sequentially. .sp -The tool includes two subcommands to interact \fIonline\fP with the exchange’s +The tool includes two subcommands to interact \fIonline\fP with the exchange\(aqs REST APIs. To determine how to talk to the exchange, these two subcommands rely on the \fBBASE_URL\fP configuration option from the \fB[exchange]\fP section of the configuration file. The \fBdownload\fP subcommand downloads the future @@ -55,10 +55,10 @@ public keys from the running exchange. The resulting data serves as input to the \fBsign\fP and \fBshow\fP subcommands. The \fBupload\fP subcommand uploads the signatures created with the private master key to the exchange. It handles the output of all subcommands (except \fBdownload\fP). The \fBdownload\fP and -\fBupload\fP subcommands must naturally be run “online” and do not require +\fBupload\fP subcommands must naturally be run "online" and do not require access to the offline key. .sp -All other subcommands are intended to be run “offline”. However, especially +All other subcommands are intended to be run "offline". However, especially when testing, it is of course possible to run the subcommands online as well. Generally, subcommands read inputs (beyond command\-line arguments) from \fBstdin\fP\&. However, they may also consume outputs of previous @@ -68,21 +68,21 @@ and if not consumed the final output is printed to \fBstdout\fP\&. The general options for \fBtaler\-exchange\-offline\fP are: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH CONFIGURATION @@ -102,17 +102,17 @@ $ taler\-exchange\-offline setup .UNINDENT .sp Note that if the private key file already exists, the above will simply output -the existing key. Passing additional arguments after setup (including “\-“) +the existing key. Passing additional arguments after setup (including "\-") will cause the output to be encapsulated in JSON. .sp Relevant configuration options for \fBtaler\-exchange\-offline\fP are: .INDENT 0.0 .IP \(bu 2 -\fB[exchange/BASE_URL]\fP — how to reach the exchange (for download/upload) +\fB[exchange/BASE_URL]\fP \-\-\- how to reach the exchange (for download/upload) .IP \(bu 2 -\fB[exchange\-offline/MASTER_PRIV_FILE]\fP — where to store the private keys +\fB[exchange\-offline/MASTER_PRIV_FILE]\fP \-\-\- where to store the private keys .IP \(bu 2 -\fB[exchange\-offline/SECM_TOFU_FILE]\fP — where to store TOFU data +\fB[exchange\-offline/SECM_TOFU_FILE]\fP \-\-\- where to store TOFU data .UNINDENT .SH SUBCOMMANDS .SS setup @@ -172,23 +172,23 @@ in a format suitable for the \fBupload\fP subcommand. .sp This subcommand informs an exchange that an auditor is to be activated. Afterwards, the -exchange will accept inputs from that auditor’s \fBtaler\-auditor\-offline\fP +exchange will accept inputs from that auditor\(aqs \fBtaler\-auditor\-offline\fP tool. Note that the auditor also must add the exchange to the list of exchanges that it audits via \fBtaler\-auditor\-exchange\fP\&. Furthermore, the -exchange’s database will need to be provided to the auditor. This subcommand +exchange\(aqs database will need to be provided to the auditor. This subcommand only informs the exchange about the auditor, but does not perform those additional mandatory steps for a working auditor. .sp -The auditor’s public key must be given in the usual base32\-encoding as the +The auditor\(aqs public key must be given in the usual base32\-encoding as the first argument. .sp -The auditor’s REST API base URL must be given as the second argument. The tool -performs a minimal sanity check, namely that the URL begins with “http” -(this also allows “https”), but as it runs offline does not perform any further +The auditor\(aqs REST API base URL must be given as the second argument. The tool +performs a minimal sanity check, namely that the URL begins with "http" +(this also allows "https"), but as it runs offline does not perform any further validation! .sp The third argument must be a human\-readable name for the auditor. This may -be shown to users and should identify the auditor’s business entity. If +be shown to users and should identify the auditor\(aqs business entity. If the name includes spaces, the argument should be quoted. .sp The subcommand takes no inputs from \fBstdin\fP or other subcommands. @@ -199,10 +199,10 @@ in a format suitable for the \fBupload\fP subcommand. .sp This subcommand informs an exchange that an auditor is to be deactivated. Afterwards, the -exchange will refuse inputs from that auditor’s \fBtaler\-auditor\-offline\fP +exchange will refuse inputs from that auditor\(aqs \fBtaler\-auditor\-offline\fP tool. .sp -The auditor’s public key must be given in the usual base32\-encoding as the +The auditor\(aqs public key must be given in the usual base32\-encoding as the first argument. .sp The subcommand takes no inputs from \fBstdin\fP or other subcommands. @@ -212,7 +212,7 @@ in a format suitable for the \fBupload\fP subcommand. .SS enable\-account .sp This subcommand -informs an exchange that it should advertize a bank account as belonging to +informs an exchange that it should advertise a bank account as belonging to the exchange on its \fB/wire\fP endpoint. Note that this does \fInot\fP ensure that the exchange will use this bank account for incoming or outgoing wire transfers! For this, the \fBtaler\-exchange\-transfer\fP and @@ -221,7 +221,7 @@ account information advertized could theoretically differ from that which these tool actually use, for example if the public bank account is only a front for the actual internal business accounts. .sp -The \fBpayto://\fP URI (RFC 8905) of the exchange’s bank account must be given +The \fBpayto://\fP URI (RFC 8905) of the exchange\(aqs bank account must be given as the first argument to the subcommand. .sp The subcommand takes no inputs from \fBstdin\fP or other subcommands. @@ -234,7 +234,7 @@ This subcommand informs an exchange that it should stop advertising a bank account as belonging to the exchange on its \fB/wire\fP endpoint. .sp -The \fBpayto://\fP URI (RFC 8905) of the exchange’s (former) bank account must be +The \fBpayto://\fP URI (RFC 8905) of the exchange\(aqs (former) bank account must be given as the first argument to the subcommand. .sp The subcommand takes no inputs from \fBstdin\fP or other subcommands. @@ -243,13 +243,13 @@ It outputs the signature affirming the deletion of the wire account, in a format suitable for the \fBupload\fP subcommand. .SS wire\-fee .sp -This subcommand informs an exchange about the desired wire fee (and closing fee) -structure for particular wire method and a calendar year (!). The tool does not +This subcommand informs an exchange about the desired wire fee structure (that is, wire, closing and wad fees) +for particular wire method and a calendar year (!). The tool does not permit changing wire fees during a calendar year. Also, once the wire fee has been set for a calendar year, it cannot be changed. .sp The subcommand takes the year, wire\-method (see RFC 8905, examples include -\fBx\-taler\-bank\fP or \fBiban\fP), wire fee and closing fee as arguments. +\fBx\-taler\-bank\fP or \fBiban\fP), wire fee, closing fee and wad fee as arguments. Instead of a year, the string \fBnow\fP can be given for the current year (this is mostly useful for test cases). The wire\-method should follow the GANA registry as given in RFC 8905. The fees must be given in the usual @@ -259,6 +259,23 @@ The subcommand takes no inputs from \fBstdin\fP or other subcommands. .sp It outputs the signature affirming the wire fees, in a format suitable for the \fBupload\fP subcommand. +.SS global\-fee +.sp +This subcommand informs an exchange about the desired global fee structure and +related global configuration options for a calendar year (!). The tool does +not permit changing global fees during a calendar year. Also, once the global +fee structure has been set for a calendar year, it cannot be changed. +.sp +The subcommand takes the year, history fee, kyc fee, account fee, purse fee, +purse timeout, kyc timeout, history expiration and the (free) purse (per) +account limit as arguments. Instead of a year, the string \fBnow\fP can be +given for the current year (this is mostly useful for test cases). The fees +must be given in the usual Taler format of \fBCURRENCY:NUMBER.FRACTION\fP\&. +.sp +The subcommand takes no inputs from \fBstdin\fP or other subcommands. +.sp +It outputs the signature affirming the global fees, in a format suitable for +the \fBupload\fP subcommand. .SS enable\-partner .sp This subcommand informs an exchange about the wad fee and frequency to apply @@ -271,11 +288,11 @@ Partner exchange base URL. .IP 2. 3 Partner exchange master public key. .IP 3. 3 -Calendar year for which the fee applies, ‘now’ for the current year. +Calendar year for which the fee applies, \(aqnow\(aq for the current year. .IP 4. 3 -Wad frequency, in minutes (for example, ‘30’). +Wad frequency, in minutes (for example, \(aq30\(aq). .IP 5. 3 -Wad fee (for example, ‘KUDOS:0.1’). +Wad fee (for example, \(aqKUDOS:0.1\(aq). .UNINDENT .UNINDENT .UNINDENT @@ -288,7 +305,7 @@ The arguments provided must include: .INDENT 3.5 .INDENT 0.0 .IP 1. 3 -Calendar year for which the fee applies, ‘now’ for the current year. +Calendar year for which the fee applies, \(aqnow\(aq for the current year. .IP 2. 3 KYC timeout. How long does the exchange keep a reserve open that is waiting for the KYC. .IP 3. 3 @@ -448,7 +465,7 @@ $ taler\-exchange\-offline revoke\-signkey $SK revoke\-denomkey $DKH > mix.json .UNINDENT .UNINDENT .sp -The outputs (“revoke.json”, “mix.json”) must be uploaded using the \fBupload\fP +The outputs ("revoke.json", "mix.json") must be uploaded using the \fBupload\fP subcommand to the exchange to actually revoke the keys. .SH SECURITY CONSIDERATIONS .sp @@ -457,8 +474,8 @@ system with \fImonotonic time\fP\&. The time does not have to precisely match th of the exchange, but it must be monotonic across tool invocations. The clock of the offline system is used in the enable/disable signatures to communicate an order of the events to the exchange. This prevents someone from replaying -an older “enable” (or “disable”) message after a more recent “disable” (or -“enable”) message has been provided to the exchange. Thus, there is no need +an older "enable" (or "disable") message after a more recent "disable" (or +"enable") message has been provided to the exchange. Thus, there is no need to keep the actual files exchanged with the offline tool secret. .sp The \fBtaler\-exchange\-offline\fP tool tries to make sure that the online signing @@ -468,7 +485,7 @@ but \fInot\fP the security modules from providing attacker\-controlled keys to t offline signing process. .sp For this, the \fBtaler\-exchange\-offline\fP signing subcommand always -automatically learns the security module’s public signing key and \fItrusts it +automatically learns the security module\(aqs public signing key and \fItrusts it on first use\fP (TOFU), but stores it to disk (see the \fBSECM_TOFU_FILE\fP option in the \fB[exchange\-offline]\fP section of the configuration). If the keys change subsequently, the tool will refuse to sign. diff --git a/man/taler-exchange-router.1 b/man/taler-exchange-router.1 new file mode 100644 index 00000000..3f657922 --- /dev/null +++ b/man/taler-exchange-router.1 @@ -0,0 +1,89 @@ +.\" Man page generated from reStructuredText. +. +.TH "TALER-EXCHANGE-ROUTER" "1" "Jun 20, 2022" "0.8" "GNU Taler" +.SH NAME +taler-exchange-router \- route payments to partner exchanges +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBtaler\-exchange\-router\fP +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ |\ \fB\-\-test\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +.SH DESCRIPTION +.sp +\fBtaler\-exchange\-router\fP is a NOT YET IMPLEMENTED command\-line +tool to route P2P payments to partner exchanges via wad transfers. +This will be needed if wallet\-to\-wallet payments are made between +wallets where the recipient has performed the KYC at a different +exchange than the sender. This is currently not supported. +.INDENT 0.0 +.TP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP +Use the configuration and other resources for the exchange to operate +from \fIFILENAME\fP\&. +.TP +\fB\-h\fP | \fB\-\-help\fP +Print short help on options. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP +Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, +\fBWARNING\fP, \fBERROR\fP\&. +.TP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP +Send logging output to \fIFILENAME\fP\&. +.TP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP +Modify the system time by \fIUSEC\fP microseconds. +\fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). +This option is intended for debugging/testing only. +.TP +\fB\-t\fP | \fB\-\-test\fP +Run in test mode and exit when idle. +.TP +\fB\-v\fP | \fB\-\-version\fP +Print version information. +.UNINDENT +.SH SEE ALSO +.sp +taler\-exchange\-expire(1), taler\-exchange\-httpd(1), taler.conf(5). +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.taler.net/\fP or by sending electronic +mail to <\fI\%taler@gnu.org\fP>. +.SH AUTHOR +GNU Taler contributors +.SH COPYRIGHT +2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/man/taler-exchange-secmod-cs.1 b/man/taler-exchange-secmod-cs.1 new file mode 100644 index 00000000..9b7ddd73 --- /dev/null +++ b/man/taler-exchange-secmod-cs.1 @@ -0,0 +1,95 @@ +.\" Man page generated from reStructuredText. +. +.TH "TALER-EXCHANGE-SECMOD-CS" "1" "Jun 20, 2022" "0.8" "GNU Taler" +.SH NAME +taler-exchange-secmod-cs \- handle private CS key operations for a Taler exchange +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +\fBtaler\-exchange\-secmod\-cs\fP +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-p\fP\ \fIN\fP\ |\ ,**\-\-parallelism=**\fIN\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ \fITIMESTAMP\fP\ |\ \fB\-\-time=\fP\fITIMESTAMP\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +.SH DESCRIPTION +.sp +\fBtaler\-exchange\-secmod\-cs\fP is a command\-line tool to +handle private Clause\-Schnorr key operations for a Taler exchange. +.sp +FIXME: More details. +.sp +Its options are as follows: +.INDENT 0.0 +.TP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP +Use the configuration and other resources for the merchant to operate +from \fIFILENAME\fP\&. +.TP +\fB\-h\fP | \fB\-\-help\fP +Print short help on options. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP +Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, +\fBWARNING\fP, \fBERROR\fP\&. +.TP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP +Send logging output to \fIFILENAME\fP\&. +.TP +\fBp\fP \fIN\fP | \fB\-\-parallelism=\fP\fIN\fP +Run with \fIN\fP worker threads. +.TP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP +Modify the system time by \fIUSEC\fP microseconds. +\fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). +This option is intended for debugging/testing only. +.TP +\fB\-t\fP \fITIMESTAMP\fP | \fB\-\-time=\fP\fITIMESTAMP\fP +Pretend it is \fITIMESTAMP\fP for the update. +\fITIMESTAMP\fP is a human\-readable string (e.g., \fBYYYY\-MM\-DD HH:MM:SS\fP). +.TP +\fB\-v\fP | \fB\-\-version\fP +Print version information. +.UNINDENT +.SH SEE ALSO +.sp +taler\-exchange\-httpd(1). +.SH BUGS +.sp +Report bugs by using \fI\%https://bugs.taler.net\fP or by sending electronic +mail to <\fI\%taler@gnu.org\fP>. +.SH AUTHOR +GNU Taler contributors +.SH COPYRIGHT +2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) +.\" Generated by docutils manpage writer. +. diff --git a/man/taler-exchange-secmod-eddsa.1 b/man/taler-exchange-secmod-eddsa.1 index fb91fde3..d2168a03 100644 --- a/man/taler-exchange-secmod-eddsa.1 +++ b/man/taler-exchange-secmod-eddsa.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-SECMOD-EDDSA" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-SECMOD-EDDSA" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-secmod-eddsa \- handle private EDDSA key operations for a Taler exchange . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-secmod\-eddsa\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-p\fP\ \fIN\fP\ |\ ,**–parallelism=**\fIN\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-t\fP\ \fITIMESTAMP\fP\ |\ \fB–time=\fP\fITIMESTAMP\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-p\fP\ \fIN\fP\ |\ ,**\-\-parallelism=**\fIN\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ \fITIMESTAMP\fP\ |\ \fB\-\-time=\fP\fITIMESTAMP\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-secmod\-eddsa\fP is a command\-line tool to @@ -51,33 +51,33 @@ FIXME: More details. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fBp\fP \fIN\fP | \fB–parallelism=\fP\fIN\fP +\fBp\fP \fIN\fP | \fB\-\-parallelism=\fP\fIN\fP Run with \fIN\fP worker threads. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP \fITIMESTAMP\fP | \fB–time=\fP\fITIMESTAMP\fP +\fB\-t\fP \fITIMESTAMP\fP | \fB\-\-time=\fP\fITIMESTAMP\fP Pretend it is \fITIMESTAMP\fP for the update. \fITIMESTAMP\fP is a human\-readable string (e.g., \fBYYYY\-MM\-DD HH:MM:SS\fP). .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-secmod-rsa.1 b/man/taler-exchange-secmod-rsa.1 index c88af796..f0bcf8b1 100644 --- a/man/taler-exchange-secmod-rsa.1 +++ b/man/taler-exchange-secmod-rsa.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-SECMOD-RSA" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-SECMOD-RSA" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-secmod-rsa \- handle private RSA key operations for a Taler exchange . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-secmod\-rsa\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-p\fP\ \fIN\fP\ |\ ,**–parallelism=**\fIN\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-t\fP\ \fITIMESTAMP\fP\ |\ \fB–time=\fP\fITIMESTAMP\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-p\fP\ \fIN\fP\ |\ ,**\-\-parallelism=**\fIN\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-t\fP\ \fITIMESTAMP\fP\ |\ \fB\-\-time=\fP\fITIMESTAMP\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-secmod\-rsa\fP is a command\-line tool to @@ -51,33 +51,33 @@ FIXME: More details. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fBp\fP \fIN\fP | \fB–parallelism=\fP\fIN\fP +\fBp\fP \fIN\fP | \fB\-\-parallelism=\fP\fIN\fP Run with \fIN\fP worker threads. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP \fITIMESTAMP\fP | \fB–time=\fP\fITIMESTAMP\fP +\fB\-t\fP \fITIMESTAMP\fP | \fB\-\-time=\fP\fITIMESTAMP\fP Pretend it is \fITIMESTAMP\fP for the update. \fITIMESTAMP\fP is a human\-readable string (e.g., \fBYYYY\-MM\-DD HH:MM:SS\fP). .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-transfer.1 b/man/taler-exchange-transfer.1 index f3c8194c..666de08b 100644 --- a/man/taler-exchange-transfer.1 +++ b/man/taler-exchange-transfer.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-TRANSFER" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-TRANSFER" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-transfer \- execute wire transfers . @@ -33,42 +33,42 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-transfer\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel\fP\fIUSEC\fP] -[\fB\-t\fP\ |\ \fB–test\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel\fP\fIUSEC\fP] +[\fB\-t\fP\ |\ \fB\-\-test\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-transfer\fP is a command\-line tool to actually execute scheduled wire transfers (using the bank/wire gateway). The transfers are prepared by the \fBtaler\-exchange\-aggregator\fP and \fBtaler\-exchange\-closer\fP tools. .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP | \fB–test\fP +\fB\-t\fP | \fB\-\-test\fP Run in test mode and exit when idle. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-wire-gateway-client.1 b/man/taler-exchange-wire-gateway-client.1 index f03772c5..f978341e 100644 --- a/man/taler-exchange-wire-gateway-client.1 +++ b/man/taler-exchange-wire-gateway-client.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-WIRE-GATEWAY-CLIENT" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-WIRE-GATEWAY-CLIENT" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-wire-gateway-client \- trigger a transfer at the bank . @@ -33,22 +33,22 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-wire\-gateway\-client\fP -[\fB\-a\fP\ \fIVALUE\fP\ |\ \fB–amount=\fP\fIVALUE\fP] -[\fB\-b\fP\ \fIURL\fP\ |\ \fB–bank=\fP\fIURL\fP] -[\fB\-C\fP\ \fIACCOUNT\fP\ |\ \fB–credit=\fP\fIACCOUNT\fP] -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-D\fP\ \fIACCOUNT\fP\ |\ \fB–debit=\fP\fIACCOUNT\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-i\fP\ |\ \fB–credit\-history\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-o\fP\ |\ \fB–debit\-history\fP] -[\fB\-p\fP\ \fIPASSPHRASE\fP\ |\ \fB–pass=\fP\fIPASSPHRASE\fP] -[\fB\-S\fP\ \fISTRING\fP\ |\ \fB–subject=\fP\fISTRING\fP] -[\fB\-s\fP\ \fIACCOUNT\-SECTION\fP\ |\ \fB–section=\fP\fIACCOUNT\-SECTION\fP] -[\fB\-u\fP\ \fIUSERNAME\fP\ |\ \fB–user=\fP\fIUSERNAME\fP] -[\fB\-v\fP\ |\ \fB–version\fP] -[\fB\-w\fP\ \fIROW\fP\ |\ \fB–since\-when=\fP\fIROW\fP] +[\fB\-a\fP\ \fIVALUE\fP\ |\ \fB\-\-amount=\fP\fIVALUE\fP] +[\fB\-b\fP\ \fIURL\fP\ |\ \fB\-\-bank=\fP\fIURL\fP] +[\fB\-C\fP\ \fIACCOUNT\fP\ |\ \fB\-\-credit=\fP\fIACCOUNT\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-D\fP\ \fIACCOUNT\fP\ |\ \fB\-\-debit=\fP\fIACCOUNT\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-i\fP\ |\ \fB\-\-credit\-history\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-o\fP\ |\ \fB\-\-debit\-history\fP] +[\fB\-p\fP\ \fIPASSPHRASE\fP\ |\ \fB\-\-pass=\fP\fIPASSPHRASE\fP] +[\fB\-S\fP\ \fISTRING\fP\ |\ \fB\-\-subject=\fP\fISTRING\fP] +[\fB\-s\fP\ \fIACCOUNT\-SECTION\fP\ |\ \fB\-\-section=\fP\fIACCOUNT\-SECTION\fP] +[\fB\-u\fP\ \fIUSERNAME\fP\ |\ \fB\-\-user=\fP\fIUSERNAME\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] +[\fB\-w\fP\ \fIROW\fP\ |\ \fB\-\-since\-when=\fP\fIROW\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-wire\-gateway\-client\fP is a command\-line tool to trigger bank transfers or @@ -77,58 +77,58 @@ on transaction history operations. .SH OPTIONS .INDENT 0.0 .TP -\fB\-a\fP \fIVALUE\fP | \fB–amount=\fP\fIVALUE\fP +\fB\-a\fP \fIVALUE\fP | \fB\-\-amount=\fP\fIVALUE\fP Amount to transfer. Given in the Taler\-typical format of CURRENCY:VALUE.FRACTION. .TP -\fB\-b\fP \fIURL\fP | \fB–bank=\fP\fIURL\fP +\fB\-b\fP \fIURL\fP | \fB\-\-bank=\fP\fIURL\fP URL at which the bank is operation. Conflicts with \fB\-s\fP\&. .TP -\fB\-C\fP \fIACCOUNT\fP | \fB–credit=\fP\fIACCOUNT\fP +\fB\-C\fP \fIACCOUNT\fP | \fB\-\-credit=\fP\fIACCOUNT\fP When doing a wire transfer from the exchange, the money should be credited to \fIACCOUNT\fP\&. Specifies the payto:// URI of the account. Can also be used as a filter by credit account when looking at transaction histories. .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the given configuration file. .TP -\fB\-D\fP \fIACCOUNT\fP | \fB–debit=\fP\fIACCOUNT\fP +\fB\-D\fP \fIACCOUNT\fP | \fB\-\-debit=\fP\fIACCOUNT\fP When doing a wire transfer to the exchange, the \fIACCOUNT\fP is to be debited. Specifies the payto:// URI of the account. Can also be used as a filter by debit account when looking at transaction histories. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–credit\-history\fP +\fB\-i\fP | \fB\-\-credit\-history\fP Obtain credit history of the exchange. Conflicts with \fB\-o\fP\&. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-o\fP | \fB–debit\-history\fP +\fB\-o\fP | \fB\-\-debit\-history\fP Obtain debit history of the exchange. Conflicts with \fB\-i\fP\&. .TP -\fB\-p\fP \fIPASSPHRASE\fP | \fB–pass=\fP\fIPASSPHRASE\fP +\fB\-p\fP \fIPASSPHRASE\fP | \fB\-\-pass=\fP\fIPASSPHRASE\fP Specifies the pass phrase for authentication. Conflicts with \fB\-s\fP\&. .TP -\fB\-S\fP \fISUBJECT\fP | \fB–subject=\fP\fISUBJECT\fP +\fB\-S\fP \fISUBJECT\fP | \fB\-\-subject=\fP\fISUBJECT\fP Use \fISUBJECT\fP for the wire transfer subject. Must be a reserve public key for credit operations and a wire transfer identifier for debit operations. If not specified, a random value will be generated instead. .TP -\fB\-s\fP \fIACCOUNT_SECTION\fP | \fB–section=\fP\fIACCOUNT\-SECTION\fP +\fB\-s\fP \fIACCOUNT_SECTION\fP | \fB\-\-section=\fP\fIACCOUNT\-SECTION\fP Obtain exchange account information from the \fIACCOUNT\-SECTION\fP of the configuration. The argument must be a \fB[exchange\-accountcredentials\-$NAME]\fP section name and thus start with the \fBexchange\-accountcredentials\-\fP prefix. Conflicts with \fB\-u\fP, \fB\-p\fP and \fB\-b\fP\&. Note that either \fB\-b\fP or \fB\-s\fP must be specified. .TP -\fB\-u\fP \fIUSERNAME\fP | \fB–user=\fP\fIUSERNAME\fP +\fB\-u\fP \fIUSERNAME\fP | \fB\-\-user=\fP\fIUSERNAME\fP Specifies the username for authentication. Optional and conflicts with \fB\-s\fP\&. If neither \fB\-u\fP nor \fB\-s\fP are used, we will attempt to talk to the bank without authentication. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .TP -\fB\-w\fP \fIROW\fP | \fB–since\-when=\fP\fIROW\fP +\fB\-w\fP \fIROW\fP | \fB\-\-since\-when=\fP\fIROW\fP Specifies a \fIROW\fP from which the history should be obtained. If not given, the 10 youngest transactions are returned. .UNINDENT .SH SEE ALSO diff --git a/man/taler-exchange-wirewatch.1 b/man/taler-exchange-wirewatch.1 index 35403ed3..fc2e50c3 100644 --- a/man/taler-exchange-wirewatch.1 +++ b/man/taler-exchange-wirewatch.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-EXCHANGE-WIREWATCH" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-EXCHANGE-WIREWATCH" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-exchange-wirewatch \- watch for incoming wire transfers . @@ -33,14 +33,15 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-exchange\-wirewatch\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-r\fP\ |\ \fB–reset\fP] -[\fB\-T\fP\ |\ \fB–test\fP] -[\fB\-t\fP\ \fIPLUGINNAME\fP\ |\ \fB–type=\fP\fIPLUGINNAME\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-I**_|_\fP\-\-ignore\-not\-found**] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-r\fP\ |\ \fB\-\-reset\fP] +[\fB\-T\fP\ |\ \fB\-\-test\fP] +[\fB\-t\fP\ \fIPLUGINNAME\fP\ |\ \fB\-\-type=\fP\fIPLUGINNAME\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-exchange\-wirewatch\fP is a command\-line tool to import wire @@ -49,33 +50,37 @@ transactions into the Taler exchange database. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the exchange to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-I\fP | \fB\-\-ignore\-not\-found\fP +Do not fail if the bank says that the exchange bank account does not (yet) exist. +Keep trying. +.TP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-r\fP | \fB–reset\fP +\fB\-r\fP | \fB\-\-reset\fP Ignore our own database and start with transactions from the beginning of time. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-t\fP | \fB–test\fP +\fB\-t\fP | \fB\-\-test\fP Run in test mode and exit when idle. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-helper-auditor-aggregation.1 b/man/taler-helper-auditor-aggregation.1 index 6a9007da..a1dce292 100644 --- a/man/taler-helper-auditor-aggregation.1 +++ b/man/taler-helper-auditor-aggregation.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-HELPER-AUDITOR-AGGREGATION" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-AGGREGATION" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-helper-auditor-aggregation \- audit Taler exchange aggregation activity . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-helper\-auditor\-aggregation\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fBi\fP\ |\ \fB–internal\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIKEY\fP\ |\ \fB–exchange\-key=\fP\fIKEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fBi\fP\ |\ \fB\-\-internal\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIKEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-helper\-auditor\-aggregation\fP is a command\-line tool to @@ -51,32 +51,32 @@ FIXME: More detail. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Perform checks only applicable for exchange\-internal audits. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Use \fIKEY\fP (Crockford base32 encoded) as the public key of the exchange. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-helper-auditor-coins.1 b/man/taler-helper-auditor-coins.1 index db339baa..c451d34e 100644 --- a/man/taler-helper-auditor-coins.1 +++ b/man/taler-helper-auditor-coins.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-HELPER-AUDITOR-COINS" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-COINS" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-helper-auditor-coins \- audit Taler coin processing . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-helper\-auditor\-coins\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fBi\fP\ |\ \fB–internal\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIKEY\fP\ |\ \fB–exchange\-key=\fP\fIKEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fBi\fP\ |\ \fB\-\-internal\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIKEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-helper\-auditor\-coins\fP is a command\-line tool to @@ -51,32 +51,32 @@ FIXME: More detail. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Perform checks only applicable for exchange\-internal audits. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Use \fIKEY\fP (Crockford base32 encoded) as the public key of the exchange. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-helper-auditor-deposits.1 b/man/taler-helper-auditor-deposits.1 index 44a66bba..3779132b 100644 --- a/man/taler-helper-auditor-deposits.1 +++ b/man/taler-helper-auditor-deposits.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-HELPER-AUDITOR-DEPOSITS" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-DEPOSITS" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-helper-auditor-deposits \- audit Taler exchange database for deposit confirmation consistency . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-helper\-auditor\-deposits\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fBi\fP\ |\ \fB–internal\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIKEY\fP\ |\ \fB–exchange\-key=\fP\fIKEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fBi\fP\ |\ \fB\-\-internal\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIKEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-helper\-auditor\-deposits\fP is a command\-line tool to @@ -51,32 +51,32 @@ FIXME: More detail. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Perform checks only applicable for exchange\-internal audits. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Use \fIKEY\fP (Crockford base32 encoded) as the public key of the exchange. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-helper-auditor-reserves.1 b/man/taler-helper-auditor-reserves.1 index 7955b41c..888df536 100644 --- a/man/taler-helper-auditor-reserves.1 +++ b/man/taler-helper-auditor-reserves.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-HELPER-AUDITOR-RESERVES" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-RESERVES" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-helper-auditor-reserves \- audit Taler exchange reserve handling . @@ -33,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-helper\-auditor\-reserves\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fBi\fP\ |\ \fB–internal\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIKEY\fP\ |\ \fB–exchange\-key=\fP\fIKEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fBi\fP\ |\ \fB\-\-internal\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIKEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-helper\-auditor\-reserves\fP is a command\-line tool to @@ -51,32 +51,32 @@ FIXME: More detail. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Perform checks only applicable for exchange\-internal audits. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Use \fIKEY\fP (Crockford base32 encoded) as the public key of the exchange. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-helper-auditor-wire.1 b/man/taler-helper-auditor-wire.1 index 633ef08e..0549702f 100644 --- a/man/taler-helper-auditor-wire.1 +++ b/man/taler-helper-auditor-wire.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-HELPER-AUDITOR-WIRE" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-WIRE" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-helper-auditor-wire \- audit exchange database for consistency with the bank's wire transfers . @@ -33,50 +33,50 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-helper\-auditor\-wire\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fBi\fP\ |\ \fB–internal\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIKEY\fP\ |\ \fB–exchange\-key=\fP\fIKEY\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel=\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fBi\fP\ |\ \fB\-\-internal\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIKEY\fP\ |\ \fB\-\-exchange\-key=\fP\fIKEY\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel=\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-helper\-auditor\-wire\fP is a command\-line tool to -audit exchange database for consistency with the bank’s wire transfers. +audit exchange database for consistency with the bank\(aqs wire transfers. .sp FIXME: More detail. .sp Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the auditor to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-i\fP | \fB–internal\fP +\fB\-i\fP | \fB\-\-internal\fP Perform checks only applicable for exchange\-internal audits. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIKEY\fP | \fB–exchange\-key=\fP\fIKEY\fP +\fB\-m\fP \fIKEY\fP | \fB\-\-exchange\-key=\fP\fIKEY\fP Use \fIKEY\fP (Crockford base32 encoded) as the public key of the exchange. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-merchant-benchmark.1 b/man/taler-merchant-benchmark.1 index d3b215f7..87654984 100644 --- a/man/taler-merchant-benchmark.1 +++ b/man/taler-merchant-benchmark.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-MERCHANT-BENCHMARK" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-MERCHANT-BENCHMARK" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-merchant-benchmark \- generate Taler-style benchmarking payments . @@ -46,10 +46,10 @@ default instance) and aggregated by the exchange. Takes the following options. .INDENT 7.0 .TP -\fB\-p\fP \fIPN\fP | \fB–payments\-number=\fP\fIPN\fP +\fB\-p\fP \fIPN\fP | \fB\-\-payments\-number=\fP\fIPN\fP Perform PN many payments, defaults to 1. .TP -\fB\-t\fP \fITN\fP | \fB–tracks\-number=\fP\fITN\fP +\fB\-t\fP \fITN\fP | \fB\-\-tracks\-number=\fP\fITN\fP Perform TN many tracking operations, defaults to 1. .UNINDENT .TP @@ -59,11 +59,11 @@ leaving payments unaggregated, or using a non\-default merchant instance. Takes the following options. .INDENT 7.0 .TP -\fB\-t\fP \fITC\fP | \fB–two\-coins=\fP\fITC\fP +\fB\-t\fP \fITC\fP | \fB\-\-two\-coins=\fP\fITC\fP Perform TC many payments that use two coins (normally, all the payments use only one coin). TC defaults to 1. .TP -\fB\-u\fP \fIUN\fP | \fB–unaggregated\-number=\fP\fIUN\fP +\fB\-u\fP \fIUN\fP | \fB\-\-unaggregated\-number=\fP\fIUN\fP Generate UN payments that will be left unaggregated. Note that subsequent invocations of the generator may pick those unaggregated payments and actually aggregated them. @@ -72,28 +72,28 @@ unaggregated payments and actually aggregated them. .SH COMMON OPTIONS .INDENT 0.0 .TP -\fB\-a\fP \fIAPIKEY\fP | \fB–apikey=\fP\fIAPIKEY\fP -HTTP ‘Authorization’ header to send to the merchant. +\fB\-a\fP \fIAPIKEY\fP | \fB\-\-apikey=\fP\fIAPIKEY\fP +HTTP \(aqAuthorization\(aq header to send to the merchant. .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from FILENAME. .TP -\fB\-e\fP \fISECTION\fP | \fB–exchange\-account=\fP\fISECTION\fP +\fB\-e\fP \fISECTION\fP | \fB\-\-exchange\-account=\fP\fISECTION\fP Mandatory. Configuration \fISECTION\fP specifying the exchange account to use. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler-merchant-dbinit.1 b/man/taler-merchant-dbinit.1 index 05e2ed8b..8465c684 100644 --- a/man/taler-merchant-dbinit.1 +++ b/man/taler-merchant-dbinit.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-MERCHANT-DBINIT" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-MERCHANT-DBINIT" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-merchant-dbinit \- initialize Taler merchant database . @@ -33,12 +33,12 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-merchant\-dbinit\fP -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-r\fP\ |\ \fB–reset\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-r\fP\ |\ \fB\-\-reset\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-merchant\-dbinit\fP is a command\-line tool to initialize the Taler @@ -48,21 +48,21 @@ Taler merchant to operate. Its options are as follows: .INDENT 0.0 .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fIFILENAME\fP\&. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-r\fP | \fB–reset\fP +\fB\-r\fP | \fB\-\-reset\fP Drop tables. Dangerous, will delete all existing data in the database before creating the tables. .TP diff --git a/man/taler-merchant-httpd.1 b/man/taler-merchant-httpd.1 index 8060ed7a..cb5024f2 100644 --- a/man/taler-merchant-httpd.1 +++ b/man/taler-merchant-httpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-MERCHANT-HTTPD" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-MERCHANT-HTTPD" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-merchant-httpd \- run Taler merchant backend (with RESTful API) . @@ -33,13 +33,13 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-merchant\-httpd\fP -[\fB\-C\fP\ |\ \fB–connection\-close\fP] -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB–timetravel\fP\fIUSEC\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-C\fP\ |\ \fB\-\-connection\-close\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-T\fP\ \fIUSEC\fP\ |\ \fB\-\-timetravel\fP\fIUSEC\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-merchant\-httpd\fP is a command\-line tool to run the Taler merchant @@ -48,44 +48,44 @@ before running this command. .SH OPTIONS .INDENT 0.0 .TP -\fB\-a\fP \fITOKEN\fP | \fB–auth=\fP\fITOKEN\fP +\fB\-a\fP \fITOKEN\fP | \fB\-\-auth=\fP\fITOKEN\fP Use TOKEN for initial access control to the merchant backend. The value given in TOKEN must appear in backoffice requests to the default instance -of the merchant, i.e. “Authorization: Bearer secret\-token:TOKEN” to obtain +of the merchant, i.e. "Authorization: Bearer secret\-token:TOKEN" to obtain access to the merchant backend. Note that setting a passphrase for the default instance by any means will block future access via TOKEN. This is basically a way to reset the passphrase protecting access. TOKEN -should be a “pchar” as per RFC 8959, but this is NOT checked. Note that -TOKEN will only grant access to the ‘default’ instance, not other instances. +should be a "pchar" as per RFC 8959, but this is NOT checked. Note that +TOKEN will only grant access to the \(aqdefault\(aq instance, not other instances. Instead of using the command\-line, which exposes TOKEN to users on the system, you may want to consider setting the TALER_MERCHANT_TOKEN environment variable instead. .TP -\fB\-C\fP | \fB–connection\-close\fP +\fB\-C\fP | \fB\-\-connection\-close\fP Force each HTTP connection to be closed after each request (useful in combination with \-f to avoid having to wait for nc to time out). .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from FILENAME. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-T\fP \fIUSEC\fP | \fB–timetravel=\fP\fIUSEC\fP +\fB\-T\fP \fIUSEC\fP | \fB\-\-timetravel=\fP\fIUSEC\fP Modify the system time by \fIUSEC\fP microseconds. \fIUSEC\fP may be prefixed with \fB+\fP or \fB\-\fP (e.g. \fB\-T +300\fP). This option is intended for debugging/testing only. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SIGNALS @@ -99,7 +99,7 @@ cleanly. .INDENT 0.0 .TP .B TALER_MERCHANT_TOKEN -Like the “\-a” option, resets the access token for the default +Like the "\-a" option, resets the access token for the default instance to the given value. .UNINDENT .SH SEE ALSO diff --git a/man/taler-merchant-setup-reserve.1 b/man/taler-merchant-setup-reserve.1 index e038442b..f4bffe44 100644 --- a/man/taler-merchant-setup-reserve.1 +++ b/man/taler-merchant-setup-reserve.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER-MERCHANT-SETUP-RESERVE" "1" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER-MERCHANT-SETUP-RESERVE" "1" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler-merchant-setup-reserve \- setup reserve for tipping at a Taler merchant backend . @@ -33,20 +33,20 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH SYNOPSIS .sp \fBtaler\-merchant\-setup\-reserve\fP -[\fB\-A\fP\ \fIUSERNAME:PASSWORD\fP\ |\ \fB–auth=\fP\fIUSERNAME:PASSWORD\fP] -[\fB\-a\fP\ \fIVALUE\fP\ |\ \fB–amount=\fP\fIVALUE\fP] -[\fB\-C\fP\ \fICERTFILE\fP\ |\ \fB–cert=\fP\fICERTFILE\fP] -[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB–config=\fP\fIFILENAME\fP] -[\fB\-e\fP\ \fIURL\fP\ |\ \fB–exchange\-url=\fP\fIURL\fP] -[\fB\-h\fP\ |\ \fB–help\fP] -[\fB\-k\fP\ \fIKEYFILE\fP\ |\ \fB–key=\fP\fIKEYFILE\fP] -[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB–loglevel=\fP\fILOGLEVEL\fP] -[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB–logfile=\fP\fIFILENAME\fP] -[\fB\-m\fP\ \fIURL\fP\ |\ \fB–merchant\-url=\fP\fIURL\fP] -[\fB\-p\fP\ \fIKEYFILEPASSPHRASE\fP\ |\ \fB–pass=\fP\fIKEYFILEPASSPHRASE\fP] -[\fB\-t\fP\ \fICERTTYPE\fP\ |\ \fB–type=\fP\fICERTTYPE\fP] -[\fB\-w\fP\ \fIMETHOD\fP\ |\ \fB–wire\-method=\fP\fIMETHOD\fP] -[\fB\-v\fP\ |\ \fB–version\fP] +[\fB\-A\fP\ \fIUSERNAME:PASSWORD\fP\ |\ \fB\-\-auth=\fP\fIUSERNAME:PASSWORD\fP] +[\fB\-a\fP\ \fIVALUE\fP\ |\ \fB\-\-amount=\fP\fIVALUE\fP] +[\fB\-C\fP\ \fICERTFILE\fP\ |\ \fB\-\-cert=\fP\fICERTFILE\fP] +[\fB\-c\fP\ \fIFILENAME\fP\ |\ \fB\-\-config=\fP\fIFILENAME\fP] +[\fB\-e\fP\ \fIURL\fP\ |\ \fB\-\-exchange\-url=\fP\fIURL\fP] +[\fB\-h\fP\ |\ \fB\-\-help\fP] +[\fB\-k\fP\ \fIKEYFILE\fP\ |\ \fB\-\-key=\fP\fIKEYFILE\fP] +[\fB\-L\fP\ \fILOGLEVEL\fP\ |\ \fB\-\-loglevel=\fP\fILOGLEVEL\fP] +[\fB\-l\fP\ \fIFILENAME\fP\ |\ \fB\-\-logfile=\fP\fIFILENAME\fP] +[\fB\-m\fP\ \fIURL\fP\ |\ \fB\-\-merchant\-url=\fP\fIURL\fP] +[\fB\-p\fP\ \fIKEYFILEPASSPHRASE\fP\ |\ \fB\-\-pass=\fP\fIKEYFILEPASSPHRASE\fP] +[\fB\-t\fP\ \fICERTTYPE\fP\ |\ \fB\-\-type=\fP\fICERTTYPE\fP] +[\fB\-w\fP\ \fIMETHOD\fP\ |\ \fB\-\-wire\-method=\fP\fIMETHOD\fP] +[\fB\-v\fP\ |\ \fB\-\-version\fP] .SH DESCRIPTION .sp \fBtaler\-merchant\-setup\-reserve\fP is a command\-line tool to setup a reserve @@ -55,68 +55,68 @@ from the exchange needed to fill the reserve. .SH OPTIONS .INDENT 0.0 .TP -\fB\-A\fP \fIUSERNAME:PASSWORD\fP | \fB–auth=\fP\fIUSERNAME:PASSWORD\fP +\fB\-A\fP \fIUSERNAME:PASSWORD\fP | \fB\-\-auth=\fP\fIUSERNAME:PASSWORD\fP Use \fBUSERNAME\fP and \fBPASSWORD\fP for HTTP client authentication. -The “:” must be present as a separator. +The ":" must be present as a separator. Note that this form of authentication has nothing to do with the TLS client certificate authentication supported with the \fB\-C\fP, \fB\-k\fP and \fB\-p\fP options. The \fBPASSWORD\fP given to this option is given to the server! .TP -\fB\-a\fP \fIVALUE\fP | \fB–amount=\fP\fIVALUE\fP +\fB\-a\fP \fIVALUE\fP | \fB\-\-amount=\fP\fIVALUE\fP Mandatory. Amount to be transferred to the reserve. .TP -\fB\-C\fP \fICERTFILE\fP | \fB–cert=\fP\fICERTFILE\fP +\fB\-C\fP \fICERTFILE\fP | \fB\-\-cert=\fP\fICERTFILE\fP The specified \fBCERTFILE\fP contains a TLS client certificate to be used to authenticate the client. See also \fB\-t\fP\&. .TP -\fB\-c\fP \fIFILENAME\fP | \fB–config=\fP\fIFILENAME\fP +\fB\-c\fP \fIFILENAME\fP | \fB\-\-config=\fP\fIFILENAME\fP Use the configuration and other resources for the merchant to operate from \fBFILENAME\fP\&. .TP -\fB\-e\fP \fIURL\fP | \fB–exchange\-url=\fP\fIURL\fP +\fB\-e\fP \fIURL\fP | \fB\-\-exchange\-url=\fP\fIURL\fP Mandatory. Use \fBURL\fP for the exchange base URL. This is the exchange where the reserve will be created. The currency used in the amount specification must be offered by this exchange. .TP -\fB\-h\fP | \fB–help\fP +\fB\-h\fP | \fB\-\-help\fP Print short help on options. .TP -\fB\-k\fP \fIKEYFILE\fP | \fB–key=\fP\fIKEYFILE\fP +\fB\-k\fP \fIKEYFILE\fP | \fB\-\-key=\fP\fIKEYFILE\fP The specified \fBKEYFILE\fP contains a TLS client private key to be used to authenticate the client. See also \fB\-p\fP and \fB\-C\fP\&. .TP -\fB\-L\fP \fILOGLEVEL\fP | \fB–loglevel=\fP\fILOGLEVEL\fP +\fB\-L\fP \fILOGLEVEL\fP | \fB\-\-loglevel=\fP\fILOGLEVEL\fP Specifies the log level to use. Accepted values are: \fBDEBUG\fP, \fBINFO\fP, \fBWARNING\fP, \fBERROR\fP\&. .TP -\fB\-l\fP \fIFILENAME\fP | \fB–logfile=\fP\fIFILENAME\fP +\fB\-l\fP \fIFILENAME\fP | \fB\-\-logfile=\fP\fIFILENAME\fP Send logging output to \fIFILENAME\fP\&. .TP -\fB\-m\fP \fIURL\fP | \fB–merchant\-url=\fP\fIURL\fP +\fB\-m\fP \fIURL\fP | \fB\-\-merchant\-url=\fP\fIURL\fP Mandatory. Use \fBURL\fP as the merchant base URL. Should include the path to the instance if the reserve is to be created for a non\-default instance. .TP -\fB\-p\fP \fIKEYFILEPASSPHRASE\fP | \fB–pass=\fP\fIKEYFILEPASSPHRASE\fP +\fB\-p\fP \fIKEYFILEPASSPHRASE\fP | \fB\-\-pass=\fP\fIKEYFILEPASSPHRASE\fP The specified \fBKEYFILEPASSPHRASE\fP is to be used to decrypt the KEYFILE. See also \fB\-k\fP\&. Not to be confused with \fB\-A\fP\&. The \fBKEYFILEPASSPHRASE\fP given here is only used locally to decrypt the KEYFILE. .TP -\fB\-t\fP \fICERTTYPE\fP | \fB–type=\fP\fICERTTYPE\fP +\fB\-t\fP \fICERTTYPE\fP | \fB\-\-type=\fP\fICERTTYPE\fP The specified CERTFILE contains a TLS client certificate of \fBCERTTYPE\fP\&. Default is \fBPEM\fP\&. See also \fB\-C\fP\&. .TP -\fB\-w\fP \fIMETHOD\fP | \fB–wire\-method=\fP\fIMETHOD\fP +\fB\-w\fP \fIMETHOD\fP | \fB\-\-wire\-method=\fP\fIMETHOD\fP Mandatory. Which wire method should be used. Needed to select the wire transfer method of the exchange. The method must be supported by the exchange. Typical values would be \fBiban\fP or \fBx\-taler\-bank\fP\&. .TP -\fB\-v\fP | \fB–version\fP +\fB\-v\fP | \fB\-\-version\fP Print version information. .UNINDENT .SH SEE ALSO diff --git a/man/taler.conf.5 b/man/taler.conf.5 index 1300d3de..5132d063 100644 --- a/man/taler.conf.5 +++ b/man/taler.conf.5 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "TALER.CONF" "5" "Aug 08, 2021" "0.8" "GNU Taler" +.TH "TALER.CONF" "5" "Jun 20, 2022" "0.8" "GNU Taler" .SH NAME taler.conf \- Taler configuration file . @@ -57,8 +57,9 @@ This can be simple, such as \fB$TMPDIR/foo\fP, or complex, such as \fB${TMPDIR:\-${TMP:\-/tmp}}/foo\fP\&. See \fB[PATHS]\fP (below). .sp -Values that represent a time duration are represented as a series of one or -more \fBNUMBER UNIT\fP pairs, e.g. \fB60 s\fP, \fB4 weeks 1 day\fP, \fB5 years 2 minutes\fP\&. +Values that represent a time duration are represented as a series +of one or more \fBNUMBER UNIT\fP pairs, e.g. \fB60 s\fP, \fB4 weeks 1 day\fP, +\fB5 years 2 minutes\fP\&. .sp Values that represent an amount are in the usual amount syntax: \fBCURRENCY:VALUE.FRACTION\fP, e.g. \fBEUR:1.50\fP\&. @@ -134,17 +135,36 @@ can be run offline (as the master key is for offline signing). .B BASE_URL The base URL under which the exchange can be reached. Added to wire transfers to enable tracking by merchants. +Used by the KYC logic when interacting with OAuth 2.0. .TP .B AGGREGATOR_IDLE_SLEEP_INTERVAL -For how long should the aggregator sleep when it is idle +For how long should the taler\-exchange\-aggregator sleep when it is idle before trying to look for more work? Default is 60 seconds. .TP +.B CLOSER_IDLE_SLEEP_INTERVAL +For how long should the taler\-exchange\-closer sleep when it is idle +before trying to look for more work? Default is 60 seconds. +.TP +.B TRANSFER_IDLE_SLEEP_INTERVAL +For how long should the taler\-exchange\-transfer sleep when it is idle +before trying to look for more work? Default is 60 seconds. +.TP +.B WIREWATCH_IDLE_SLEEP_INTERVAL +For how long should the taler\-exchange\-wirewatch sleep when it is idle +before trying to look for more work? Default is 60 seconds. +.TP +.B AGGREGATOR_SHARD_SIZE +Which share of the range from [0,..2147483648] should be processed by one of the shards of the aggregator. Useful only for Taler exchanges with ultra high\-performance needs. When changing this value, you must stop all aggregators and run "taler\-exchange\-dbinit \-s" before resuming. Default is 2147483648 (no sharding). +.TP .B SIGNKEY_LEGAL_DURATION For how long are signatures with signing keys legally valid? .TP .B MAX_KEYS_CACHING For how long should clients cache \fB/keys\fP responses at most? .TP +.B MAX_REQUESTS +How many requests should the HTTP server process at most before committing suicide? +.TP .B TERMS_DIR Directory where the terms of service of the exchange operator can be fund. The directory must contain sub\-directories for every supported language, @@ -185,6 +205,49 @@ Works the same as \fBTERMS_DIR\fP, just for the privacy policy. .TP .B PRIVACY_ETAG Works the same as \fBTERMS_ETAG\fP, just for the privacy policy. +.TP +.B KYC_MODE +Set to "NONE" to disable KYC for this exchange (but check with your lawyer first). +Set to "OAUTH2" to use OAuth2 for KYC. +.TP +.B KYC_WITHDRAW_LIMIT +Maximum amount that can be withdrawn in +KYC_WITHDRAW_PERIOD without needing KYC. +Only used if KYC_MODE is not "NONE". +.TP +.B KYC_WITHDRAW_PERIOD +The time period over which transactions +are considered for the KYC_WITHDRAW_LIMIT. +Only used if KYC_MODE is not "NONE". +.TP +.B KYC_WALLET_BALANCE_LIMIT +Maximum amount that a wallet is allowed to hold without +having to undergo the KYC process of the issuing +exchange. Optional option, if not given there +is no limit. +.UNINDENT +.SS EXCHANGE KYC OAUTH2 OPTIONS +.sp +The following options must be in the section "[exchange\-kyc\-oauth2]". +.INDENT 0.0 +.TP +.B KYC_OAUTH2_AUTH_URL +URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". Example: "\fI\%http://localhost:8888/oauth/v2/login\fP" (or "/token") +.TP +.B KYC_OAUTH2_LOGIN_URL +URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". Example: "\fI\%http://localhost:8888/oauth/v2/login\fP" +.TP +.B KYC_INFO_URL +URL of the endpoint where the OAuth 2.0 token can be used to download the user\(aqs details. Requires KYC_ENABLED to be "OAUTH2". Example: "\fI\%http://localhost:8888/api/user/me\fP" +.TP +.B KYC_OAUTH2_CLIENT_ID +Client ID of the exchange when it talks to the KYC OAuth2 endpoint. Requires KYC_ENABLED to be "OAUTH2". +.TP +.B KYC_OAUTH2_CLIENT_SECRET +Client secret of the exchange to use when talking to the KYC Oauth2 endpoint. Requires KYC_ENABLED to be "OAUTH2". +.TP +.B KYC_OAUTH2_POST_URL +URL to which the exchange will redirect the client\(aqs browser after successful authorization/login for the KYC process. .UNINDENT .SS EXCHANGE OFFLINE SIGNING OPTIONS .sp @@ -239,6 +302,33 @@ On which path should the security module listen for signing requests? .sp Note that the \fBtaler\-exchange\-secmod\-rsa\fP also evaluates the \fB[coin_*]\fP configuration sections described below. +.SS EXCHANGE CS CRYPTO HELPER OPTIONS +.sp +The following options must be in the section "[taler\-exchange\-secmod\-cs]". +.INDENT 0.0 +.TP +.B LOOKAHEAD_SIGN +How long do we generate denomination and signing keys ahead of time? +.TP +.B OVERLAP_DURATION +How much should validity periods for coins overlap? +Should be long enough to avoid problems with +wallets picking one key and then due to network latency +another key being valid. The \fBDURATION_WITHDRAW\fP period +must be longer than this value. +.TP +.B SM_PRIV_KEY +Where should the security module store its long\-term private key? +.TP +.B KEY_DIR +Where should the security module store the private keys it manages? +.TP +.B UNIXPATH +On which path should the security module listen for signing requests? +.UNINDENT +.sp +Note that the \fBtaler\-exchange\-secmod\-cs\fP also evaluates the \fB[coin_*]\fP +configuration sections described below. .SS EXCHANGE EDDSA CRYPTO HELPER OPTIONS .sp The following options must be in the section "[taler\-exchange\-secmod\-eddsa]". @@ -276,6 +366,10 @@ After which time period should reserves be closed if they are idle? .TP .B LEGAL_RESERVE_EXPIRATION_TIME After what time do we forget about (drained) reserves during garbage collection? +.TP +.B AGGREGATOR_SHIFT +Delay between a deposit being eligible for aggregation and +the aggregator actually triggering. .UNINDENT .SS EXCHANGE POSTGRES BACKEND DATABASE OPTIONS .sp @@ -375,8 +469,13 @@ What fee is charged for refreshing? What fee is charged for refunds? When a coin is refunded, the deposit fee is returned. Instead, the refund fee is charged to the customer. .TP +.B CIPHER +What cryptosystem should be used? Must be set to either "CS" or "RSA". +The respective crypto\-helper will then generate the keys for this +denomination. +.TP .B RSA_KEYSIZE -What is the RSA keysize modulos (in bits)? +What is the RSA keysize modulos (in bits)? Only used if "CIPHER=RSA". .UNINDENT .SS MERCHANT OPTIONS .sp @@ -485,6 +584,17 @@ The following options must be in section “[auditordb\-postgres]” if the How to access the database, e.g.\ "postgres:///taler" to use the "taler" database. Testcases use “talercheck”. .UNINDENT +.SS Bank Options +.sp +The following options must be in section "[bank]" for the taler\-fakebank\-run(1) command. They are not used by the exchange or LibEuFin! +.INDENT 0.0 +.TP +.B HTTP_PORT +On which TCP port should the (fake)bank offer its REST API. +.TP +.B RAM_LIMIT +This gives the number of transactions to keep in memory. Older transactions will be overwritten and history requests for overwritten transactions will fail. +.UNINDENT .SH SEE ALSO .sp taler\-exchange\-dbinit(1), taler\-exchange\-httpd(1), diff --git a/texinfo/taler-auditor.texi b/texinfo/taler-auditor.texi index fb41a174..7e062938 100644 --- a/texinfo/taler-auditor.texi +++ b/texinfo/taler-auditor.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team @@ -102,7 +102,7 @@ Configuration * Using taler-config:: * Initial configuration:: * Keys:: -* Configuring the auditor’s REST endpoint:: +* Configuring the auditor's REST endpoint:: * Bank account:: * Database:: @@ -129,7 +129,7 @@ Operation Auditor implementation guide -* The auditor’s database:: +* The auditor's database:: * Invariants checked by the auditor:: * Testing the auditor:: @@ -197,21 +197,21 @@ to other parties. To perform this duty, you will need at least (read-only) access to the bank transactions of the exchange, as well as a continuously synchronized replica -of the exchange’s database. The general assumption for running the auditor +of the exchange's database. The general assumption for running the auditor is that this is done on a separate system controlled by the auditor. After all, the goal is to detect nerfarious activity of the exchange operator, which cannot be effectively done on a machine controlled by the exchange operator. -For this, every auditor needs to operate a Postgres database. The data +For this, every auditor needs to operate a PostgreSQL database. The data collected will include sensitive information about Taler users, including withdrawals made by consumers and income received by merchants. As a result, the auditor is expected to provide high confidentiality for the database. In general, the auditor does not have to offer high-availability: the exchange operator can continue operations without the auditor, and the auditor can -catch up with it later when the auditor’s systems are restored. However, of +catch up with it later when the auditor's systems are restored. However, of course any downtime would provide a window of opportunity for fraud and should -thus be minimized. Finally, the auditor’s copy of the exchange’s database can +thus be minimized. Finally, the auditor's copy of the exchange's database can be useful as a backup to the exchange in case the exchange experiences a loss of its own copies. Thus, business agreements between auditor and exchanges may include availability requirements as well. @@ -219,7 +219,7 @@ include availability requirements as well. Then, with the software provided, auditors can verify the cryptographic proofs collected by the exchange and detect if any improper bank transactions have been made. There are additional tasks which an auditor should perform. While this -manual only focuses on the audit of the exchange’s database and wire transfers +manual only focuses on the audit of the exchange's database and wire transfers with the existing tools, a proper auditor should also perform the following tasks: @@ -245,7 +245,7 @@ verification that the exchange properly implements the @code{/link} protocol @item verification that the exchange properly reports coins issued during the refresh protocol (by irregularly refreshing coins withdrawn by -the auditor and comparing against the exchange’s database — the +the auditor and comparing against the exchange's database --- the code required to support this is not yet implemented) @end itemize @@ -266,8 +266,8 @@ oversight function. Auditors should generally be independent third parties that verify that the exchange operates correctly. However, an exchange is likely to also run the auditing logic, as it is also used to calculate the exchange’s profits, risk -and liabilities. Furthermore, it’s usually a good idea to not only rely on -third parties to verify one’s own work. +and liabilities. Furthermore, it's usually a good idea to not only rely on +third parties to verify one's own work. The Taler software stack for an auditor consists of the following components: @@ -276,7 +276,7 @@ components: @itemize - @item -DBMS: Postgres +DBMS: PostgreSQL The auditor requires a DBMS to store a local copy of the transaction history for the Taler exchange, as well as for its own internal bookkeeping and checkpointing. @@ -286,7 +286,7 @@ fail to be imported due to constraint violations, this is an immediate serious concern that must be addressed manually. The software only verifies the content of a well-formed exchange database (well-formed with respect to SQL). For now, the GNU Taler reference implementation -only supports Postgres, but the code could be easily extended to +only supports PostgreSQL, but the code could be easily extended to support another DBMS. @item @@ -299,7 +299,7 @@ the auditor to detect if an exchange is underreporting deposits. In the future, the Web service should be extended to allow customers and merchants to automatically upload cryptographic proof of other violations of the specification by the exchange. However, for now it is assumed that -the respective cryptographic proofs are reported and verified manually — +the respective cryptographic proofs are reported and verified manually --- as with a well-behaved exchange this should obviously be a rare event. The main binary of this component is the @code{taler-auditor-httpd}. @@ -319,7 +319,7 @@ needs access to the wire gateway). The @code{taler-helper-auditor-wire} auditor verifies that the bank transactions performed by the exchange were done properly. This component must have access to the bank account -of the exchange, as well as to a copy of the exchange’s database. +of the exchange, as well as to a copy of the exchange's database. The @code{taler-auditor} script invokes the various helpers, each generating a JSON report. It then invokes the @code{taler-helper-auditor-render.py} @@ -358,6 +358,13 @@ exchange compilation. @itemize - @item +Python3 module @code{jinja2} +@end itemize + + +@itemize - + +@item libsqlite3 >= 3.16.2 @item @@ -382,13 +389,13 @@ libargon2 >= 20171227 libjansson >= 2.7 @item -Postgres >= 9.6, including libpq +PostgreSQL >= 13, including libpq @item GNU libmicrohttpd >= 0.9.71 @item -GNUnet >= 0.14.0 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) +GNUnet >= 0.16 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) @item GNU Taler exchange (from download directory@footnote{http://ftpmirror.gnu.org/taler/}, @@ -441,6 +448,17 @@ which requires you to run the last step as @code{root}. You have to specify @code{--with-gnunet=/usr/local} if you installed GNUnet to @code{/usr/local} in the previous step. +Please note that unlike most packages, if you want to run the @code{make check} +command, you should run it only @emph{after} having done @code{make install}. The +latter ensures that necessary binaries are copied to the right place. + +Gratuitous editorial note by TTN: I think this is a quirk that we should +fix in the long-term as such weirdness might hide other build issues. +However, this is probably a minority viewpoint. + +In any case, if @code{make check} fails, please consider filing a +bug report with the Taler bug tracker@footnote{https://bugs.taler.net}. + @node Installing the GNU Taler binary packages on Debian,Installing the GNU Taler binary packages on Ubuntu,Installing from source,Installation @anchor{taler-auditor-manual installing-the-gnu-taler-binary-packages-on-debian}@anchor{9} @section Installing the GNU Taler binary packages on Debian @@ -448,47 +466,14 @@ previous step. To install the GNU Taler Debian packages, first ensure that you have the right Debian distribution. At this time, the packages are built for -Sid, which means you should use a system which at least includes -unstable packages in its source list. We recommend using APT pinning -to limit unstable packages to those explicitly requested. To do this, -set your @code{/etc/apt/preferences} as follows: - -@example -Package: * -Pin: release a=stable -Pin-Priority: 700 - -Package: * -Pin: release a=testing -Pin-Priority: 650 - -Package: * -Pin: release a=unstable -Pin-Priority: 600 - -Package: * -Pin: release l=Debian-Security -Pin-Priority: 1000 -@end example - -A typical @code{/etc/apt/sources.list} file for this setup -which combines Debian stable with more recent packages -from testing and unstable would look like this: - -@example -deb http://ftp.ch.debian.org/debian/ buster main -deb http://security.debian.org/debian-security buster/updates main -deb http://ftp.ch.debian.org/debian/ testing main -deb http://ftp.ch.debian.org/debian/ unstable main -@end example +Bullseye. -Naturally, you may want to use different mirrors depending on your region. -Additionally, you must add a file to import the GNU Taler packages. Typically, +You need to add a file to import the GNU Taler packages. Typically, this is done by adding a file @code{/etc/apt/sources.list.d/taler.list} that looks like this: @example -deb https://deb.taler.net/apt/debian sid main +deb https://deb.taler.net/apt/debian bullseye main @end example Next, you must import the Taler Systems SA public package signing key @@ -594,22 +579,22 @@ is not recommended for security. The recommended set of users includes: @itemize * @item -auditor — runs the main auditing process and HTTP backend +auditor --- runs the main auditing process and HTTP backend @item -sync — synchronizes the ingres database with the production database +sync --- synchronizes the ingres database with the production database @item -helper — runs taler-auditor-offline download and upload commands +helper --- runs taler-auditor-offline download and upload commands @item -auditor-ingres — imports database from exchange production system +auditor-ingres --- imports database from exchange production system @item -auditor-wire — imports wire transfer data from bank production system +auditor-wire --- imports wire transfer data from bank production system @item -offline — manages the offline key, on a separate @emph{offline} machine +offline --- manages the offline key, on a separate @emph{offline} machine @end itemize @end quotation @@ -629,10 +614,10 @@ distribution would typically create for you): @itemize * @item -www-data — runs the HTTPS frontend (usually nginx or Apache) +www-data --- runs the HTTPS frontend (usually nginx or Apache) @item -postgres — runs the Postgres database +postgres --- runs the PostgreSQL database @end itemize @end quotation @@ -649,16 +634,16 @@ We recommend using the following databases for the auditor: @itemize * @item -exchange-ingres — synchronized exchange database over the network +exchange-ingres --- synchronized exchange database over the network @item -exchange-production — local copy of exchange database with trusted schema +exchange-production --- local copy of exchange database with trusted schema @item -auditor — auditor production database with current state of the audit +auditor --- auditor production database with current state of the audit @item -libeufin — local state of the auditor-wire tool for the bank transfer data import +libeufin --- local state of the auditor-wire tool for the bank transfer data import @end itemize @end quotation @@ -690,7 +675,7 @@ $ echo 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO auditor;' | psql libeufin @chapter Configuration -The auditor’s configuration works the same way as the configuration of other +The auditor's configuration works the same way as the configuration of other Taler components. This section discusses configuration options related to the auditor. @@ -699,7 +684,7 @@ This section discusses configuration options related to the auditor. * Using taler-config:: * Initial configuration:: * Keys:: -* Configuring the auditor’s REST endpoint:: +* Configuring the auditor's REST endpoint:: * Bank account:: * Database:: @@ -848,7 +833,7 @@ $ taler-config -s auditor -o BASE_URL -V https://auditor.example.com/ The @code{helper} user that is used to download information from the exchange needs to know details about the exchange. Similarly, the @code{offline} user -needs to check signatures signed with the exchange’s offline key. Hence, you +needs to check signatures signed with the exchange's offline key. Hence, you need to obtain the @code{MASTER_PUBLIC_KEY} from the exchange operator (they need to run @code{taler-exchange-offline setup}) and the REST endpoint of the exchange and configure these: @@ -859,14 +844,14 @@ $ taler-config -s exchange -o BASE_URL -V https://exchange.example.com/ $ taler-config -s exchange -o MASTER_PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE @end example -@node Keys,Configuring the auditor’s REST endpoint,Initial configuration,Configuration +@node Keys,Configuring the auditor's REST endpoint,Initial configuration,Configuration @anchor{taler-auditor-manual auditorkeys}@anchor{13}@anchor{taler-auditor-manual keys}@anchor{14} @section Keys The auditor works with one signing key to certify that it is auditing -a particular exchange’s denomination keys. This key can and should -be kept @emph{offline} (and backed up adequately). As with the exchange’s +a particular exchange's denomination keys. This key can and should +be kept @emph{offline} (and backed up adequately). As with the exchange's offline key, it is only used for a few cryptographic signatures and thus the respective code can be run on modest hardware, like a Raspberry Pi. @@ -907,9 +892,9 @@ You can set this configuration value using: $ taler-config -s auditor -o PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE @end example -@node Configuring the auditor’s REST endpoint,Bank account,Keys,Configuration +@node Configuring the auditor's REST endpoint,Bank account,Keys,Configuration @anchor{taler-auditor-manual auditorserving}@anchor{15}@anchor{taler-auditor-manual configuring-the-auditor-s-rest-endpoint}@anchor{16} -@section Configuring the auditor’s REST endpoint +@section Configuring the auditor's REST endpoint The auditor can serve HTTP over both TCP and UNIX domain socket. @@ -935,7 +920,7 @@ HTTP over a UNIX domain socket for @code{unixpath} (i.e. 660 = @code{rw-rw----}). @end itemize -@node Bank account,Database,Configuring the auditor’s REST endpoint,Configuration +@node Bank account,Database,Configuring the auditor's REST endpoint,Configuration @anchor{taler-auditor-manual auditorbank-account}@anchor{17}@anchor{taler-auditor-manual bank-account}@anchor{18} @section Bank account @@ -978,14 +963,14 @@ CONFIG = postgres:///auditordemo If an exchange runs its own auditor, it may use the same database for the auditor and the exchange itself. -The @code{taler-auditor-dbinit} tool is used to initialize the auditor’s +The @code{taler-auditor-dbinit} tool is used to initialize the auditor's tables. After running this tool, the rights to CREATE or DROP tables are no longer required and should be removed. Both the @code{taler-auditor-httpd} and the @code{taler-auditor} (and its helpers) also need (read-only) access to a (recent, current, synchronized) copy of the -exchange’s database. The configuration options are the same that are also -used when configuring the exchange’ database: +exchange's database. The configuration options are the same that are also +used when configuring the exchange' database: @quotation @@ -1006,7 +991,7 @@ CONFIG = postgres:///exchangedemo @anchor{taler-auditor-manual wallets}@anchor{1d} Before GNU Taler wallets will happily interact with an exchange, the -respective auditor’s public key (as obtained via @code{taler-auditor-offline +respective auditor's public key (as obtained via @code{taler-auditor-offline setup} from the @code{offline} user) must be added under the respective currency to the wallet. This is usually expected to be hard-coded into the Taler wallet. @@ -1014,7 +999,7 @@ wallet. Users can also manually add auditors for a particular currency via a Web page offering the respective pairing. -FIXME-DOLD: explain how that Web page works, once it works… +FIXME-DOLD: explain how that Web page works, once it works... @menu * Exchange:: @@ -1028,13 +1013,13 @@ FIXME-DOLD: explain how that Web page works, once it works… @section Exchange -The next step is to add the exchange’s master public key and the base URL of +The next step is to add the exchange's master public key and the base URL of the exchange to the list of exchanges audited by the auditor. This is done using the @code{taler-auditor-exchange} tool. The tool basically creates the -respective record in the auditor’s database. +respective record in the auditor's database. If this step is skipped, the auditor will malfunction at all future stages -with a foreign key violation, as it does not know the exchange’s master public +with a foreign key violation, as it does not know the exchange's master public key. @example @@ -1044,7 +1029,7 @@ $ taler-auditor-exchange -m $MASTER_PUB -u $EXCHANGE_BASE_URL An equivalent step must be performed by the exchange operator. Here, the exchange operator must use the @code{taler-exchange-offline} tool to add the -auditor’s public key, base URL and (business) name to the list of approved +auditor's public key, base URL and (business) name to the list of approved auditors of the exchange. For details, see Auditor-configuration in the exchange operator manual. @@ -1082,7 +1067,7 @@ process that is outside of the scope of this document. Note that the @code{input.json} does not contain any confidential data. However, signing the wrong keys would be fatal in that it may allow an illegitimate exchange to convince users that it is a trustworthy operator and subsequently -betray the user’s trust that is anchored in the existence of a trustworthy +betray the user's trust that is anchored in the existence of a trustworthy auditor. Given the verified JSON input, the auditor can then sign it (typically @@ -1117,22 +1102,22 @@ command-line option, send logging output to standard error by default. The next key step for the auditor is to configure replication of the -@emph{exchange}’s database in-house. This should be performed in two steps +@emph{exchange}'s database in-house. This should be performed in two steps as illustrated in the following figure: @image{taler-auditor-figures/replication,,,,png} -First, the exchange should use standard Postgres replication features to -enable the auditor to obtain a full copy of the exchange’s database. -Second, the auditor should make a “trusted” local copy, ensuring that it +First, the exchange should use standard PostgreSQL replication features to +enable the auditor to obtain a full copy of the exchange's database. +Second, the auditor should make a "trusted" local copy, ensuring that it never replicates malicious changes using @code{taler-auditor-sync}. Both of these steps are described in more detail below. We note that as a result of these steps, the auditor will have three databases: its own production primary database (as configured in -@code{auditordb-postgres}), its on production copy of the exchange’s database -(@code{exchangedb-postgress}), and a third, untrusted “ingres” copy of the -exchange database. The untrusted database should run as a separate Postgres +@code{auditordb-postgres}), its on production copy of the exchange's database +(@code{exchangedb-postgress}), and a third, untrusted "ingres" copy of the +exchange database. The untrusted database should run as a separate PostgreSQL instance and is only accessed via @code{taler-auditor-sync} and the replication mechanism driven by the exchange operator. @@ -1147,11 +1132,11 @@ mechanism driven by the exchange operator. @subsection Ingres replication of the exchange production database -Ingres operation should be done using the @code{auditor-ingres} user — or +Ingres operation should be done using the @code{auditor-ingres} user --- or depending on the setup parts of the operation may be done by the @code{postgres} user directly. -The full copy can be obtained in various ways with Postgres. It is +The full copy can be obtained in various ways with PostgreSQL. It is possible to use log shipping with streaming replication as described in @indicateurl{https://www.postgresql.org/docs/13/warm-standby.html}, or to use logical replication, as described in @@ -1160,10 +1145,10 @@ that asynchronous replication should suffice. The resulting auditor database should be treated as read-only on the auditor side. The @code{taler-exchange-dbinit} tool can be used to setup the schema, or -the schema can be replicated using Postgres’s standard mechanisms. The same +the schema can be replicated using PostgreSQL's standard mechanisms. The same applies for schema upgrades: if logical replication is used (which does not replicate schema changes), @code{taler-exchange-dbinit} can be used to migrate -the schema(s) in both the ingres and production copies of the exchange’s +the schema(s) in both the ingres and production copies of the exchange's database as well. On the exchange side, a database user must be created that has the right @@ -1177,14 +1162,14 @@ $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange @end example The exchange must share the password of the publication with the auditor. A -good @code{$NAME} relates to the auditor’s buisness unit name. A secure tunnel +good @code{$NAME} relates to the auditor's business unit name. A secure tunnel must be setup between the exchange and the auditor, for example using SSH or Wireguard. It is also necessary to edit @code{main.cf} of the exchange and on the auditor side to enable logical replication. If an exchange has multiple auditors, it should setup multiple @code{egress} accounts. The exchange must ensure that -the following lines are in the @code{main.cf} Postgres configuaration (the port +the following lines are in the @code{main.cf} PostgreSQL configuration (the port may differ) to enable replication over the network: @example @@ -1194,13 +1179,13 @@ wal_level= logical @end example Equally, the auditor must configure logical replication in the @code{main.cf} -Postgres configuaration: +PostgreSQL configuration: @example wal_level= logical @end example -Next, the @code{postgres} user of the auditor’s system must first initialize the +Next, the @code{postgres} user of the auditor's system must first initialize the local tables: @example @@ -1210,7 +1195,7 @@ $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress" $ taler-exchange-dbinit @end example -To complete the replication, the @code{postgres} user of the auditor’s +To complete the replication, the @code{postgres} user of the auditor's system must subscribe: @example @@ -1220,18 +1205,18 @@ $ echo "ALTER ROLE egress WITH PASSWORD '$PASSWORD'; | psql $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange @end example -For details, we refer to the Postgres manual. +For details, we refer to the PostgreSQL manual. @cartouche @quotation Note Depending on the replication method used, the exchange may perform unexpected changes to the schema or perform @code{UPDATE}, @code{DELETE} or @code{DROP} operations on the tables. Hence, the auditor cannot rely upon the -exchange’s primary copy to respect schema constraints, especially as we +exchange's primary copy to respect schema constraints, especially as we have to presume that the exchange could act maliciously. Furthermore, it -is unclear to what degree Postgres database replication mechanisms are +is unclear to what degree PostgreSQL database replication mechanisms are robust against a malicious master database. Thus, the auditor should -isolate its primary copy of the exchange database, including the Postgres +isolate its primary copy of the exchange database, including the PostgreSQL process, from its actual operational data. @end quotation @end cartouche @@ -1242,20 +1227,20 @@ process, from its actual operational data. Using @code{taler-auditor-sync} as the @code{sync} user, the auditor should -make a second “safe” copy of the exchange’s ingres database. +make a second "safe" copy of the exchange's ingres database. @code{taler-auditor-sync} basically reads from one exchange database and inserts all records found into a second exchange database. If the source database violates invariants, the tool halts with an error. This way, records violating invariants are never even copied, and in particular schema changes and -deletions or updates are not propagated into the auditor’s production +deletions or updates are not propagated into the auditor's production database. While @code{taler-auditor-sync} could in theory be run directly against the -exchange’s production system, this is likely a bad idea due to the high +exchange's production system, this is likely a bad idea due to the high latency from the network between auditor and exchange operator. Thus, we -recommend first making an “untrusted” ingress copy of the exchange’s -production database using standard Postgres tooling, and then using -@code{taler-auditor-sync} to create a second “safe” copy. The “safe” copy used +recommend first making an "untrusted" ingress copy of the exchange's +production database using standard PostgreSQL tooling, and then using +@code{taler-auditor-sync} to create a second "safe" copy. The "safe" copy used by the production system should also run under a different UID. Before @code{taler-auditor-sync} can be used, the target database must be @@ -1287,11 +1272,11 @@ $ taler-auditor-sync -s src.conf -d dst.cfg -t When the exchange performs garbage collection to @code{DELETE} obsolete records, this change should be automatically replicated to the auditors untrusted -ingress database. However, as @code{taler-auditor-sync} tries to be “safe”, -it will not replicate those deletions to the auditor’s production database. +ingress database. However, as @code{taler-auditor-sync} tries to be "safe", +it will not replicate those deletions to the auditor's production database. Thus, it is necessary to (occasonally) run @code{taler-exchange-dbinit -g} on -the auditor’s production database to garbage collect old data in the -auditor’s production copy. We note that this does not have to be done +the auditor's production database to garbage collect old data in the +auditor's production copy. We note that this does not have to be done at the same time when the exchange runs its garbage collection. @node Operation,Auditor implementation guide,Deployment,Top @@ -1317,7 +1302,7 @@ at the same time when the exchange runs its garbage collection. The @code{taler-auditor-httpd} runs the required REST API for the auditor. The service must have @code{INSERT} (and @code{SELECT}) rights on the -@code{deposit_confirmations} table in the auditor’s database. We expect that in +@code{deposit_confirmations} table in the auditor's database. We expect that in future versions additional rights may be required. For now, we recommend simply running the @code{taler-auditor-httpd} under the @@ -1367,7 +1352,7 @@ anymore), this is not recommended in a production setup. @section Reading the report -The auditor’s report needs to be read carefully, as it includes +The auditor's report needs to be read carefully, as it includes several categories of failures of different severity: @@ -1433,14 +1418,14 @@ completing a @code{taler-audit} run against the old schema @item migrating the exchange schema (@code{taler-exchange-dbinit}) of the master database, possibly the ingres database and the -auditor’s production copy +auditor's production copy @item migrating the auditor database (@code{taler-auditor-dbinit}) @item -resuming database replication between the exchange’s master -database and the auditor’s ingres copy +resuming database replication between the exchange's master +database and the auditor's ingres copy @item resuming @code{taler-auditor-sync} @@ -1485,7 +1470,7 @@ For more information, see Revocations in the exchange operator manual. If all denominations of an exchange are revoked, the exchange includes logic to wire back all returned funds to the bank accounts from which they originate. If some denominations remain operational, wallets will generally -exchange old coins of revoked denominations for new coins – while providing +exchange old coins of revoked denominations for new coins -- while providing additional information to demonstrate that these coins were not forged from the compromised private key but obtained via a legitimate withdraw operation. @@ -1494,12 +1479,12 @@ the compromised private key but obtained via a legitimate withdraw operation. @section Failures -Most audit failures are handled by the auditor’s regular reporting functionality, +Most audit failures are handled by the auditor's regular reporting functionality, creating a (hopefully descriptive) PDF report detailing the problems found. However, there is one category of errors where this is not possible, which -concerns arithmetic overflows for amounts. Taler’s specification limits amount -values to at most 2^52. If, during the auditor’s calculations, amounts are +concerns arithmetic overflows for amounts. Taler's specification limits amount +values to at most 2^52. If, during the auditor's calculations, amounts are encountered that exceed this threshold, the auditor will not generate a regular report, but instead write a log statement explaining where the problem happened and exit with a status code of @emph{42}. @@ -1531,15 +1516,15 @@ The auditor implementation is split into five main processes, called @code{taler-helper-auditor-XXX}. The split was done to realize the principle of least privilege and to enable independent logic to be possibly run in parallel. Only the taler-wire-auditor must have (read-only) access to the -exchange’s bank account, the other components only need access to the +exchange's bank account, the other components only need access to the database. All auditor subsystems basically start their audit from a certain transaction index (@code{BIG SERIAL}) in the auditor database which identifies where the last audit concluded. They then check that the transactions claimed in the -exchange’s database match up internally, including the cryptographic +exchange's database match up internally, including the cryptographic signatures and also with respect to amounts adding up. The auditor also -calculates the exchange’s profits and expected bank balances. Once all +calculates the exchange's profits and expected bank balances. Once all existing transactions are processed, the auditor processes store the current checkpoint in its database and generate a JSON report. @@ -1548,22 +1533,22 @@ uses Jinja2 with a TeX template to convert the five individual JSON reports into LaTeX and then into PDF. @menu -* The auditor’s database:: +* The auditor's database:: * Invariants checked by the auditor:: * Testing the auditor:: @end menu -@node The auditor’s database,Invariants checked by the auditor,,Auditor implementation guide +@node The auditor's database,Invariants checked by the auditor,,Auditor implementation guide @anchor{taler-auditor-manual the-auditor-s-database}@anchor{34} -@section The auditor’s database +@section The auditor's database The database scheme used by the exchange looks as follows: @image{taler-auditor-figures/auditor-db,,,,png} -@node Invariants checked by the auditor,Testing the auditor,The auditor’s database,Auditor implementation guide +@node Invariants checked by the auditor,Testing the auditor,The auditor's database,Auditor implementation guide @anchor{taler-auditor-manual invariants-checked-by-the-auditor}@anchor{35} @section Invariants checked by the auditor @@ -1588,7 +1573,7 @@ pass where it might seem applicable. @subsection Invariants checked by the taler-helper-auditor-aggregation -This is from CodeBlau’s analysis. A proper write-up is pending. +This is from CodeBlau's analysis. A proper write-up is pending. CodeBlau reports the following checks: @@ -1700,7 +1685,7 @@ wire fee unavailable for given time @subsection Invariants checked by the taler-helper-auditor-coins -This is from CodeBlau’s analysis. A proper write-up is pending. +This is from CodeBlau's analysis. A proper write-up is pending. CodeBlau reports the following checks: @@ -1708,9 +1693,9 @@ CodeBlau reports the following checks: @item check that all denominations used by the exchange have been signed using -this auditor’s key. All denominations encountered in the database that +this auditor's key. All denominations encountered in the database that this auditor did not officially sign for are reported (but still included -in the audit as they obviously may impact the exchange’s bank balance). +in the audit as they obviously may impact the exchange's bank balance). Depending on the business situation, this may be normal (say if an exchange is changing auditors and newer denominations are no longer supported until their end-of-life by the current auditor). @@ -1806,7 +1791,7 @@ merchants by simply not reporting deposits to the auditor. @subsection Invariants checked by the taler-helper-auditor-reserves -This is from CodeBlau’s analysis. A proper write-up is pending. +This is from CodeBlau's analysis. A proper write-up is pending. CodeBlau reports the following checks: @@ -1868,11 +1853,11 @@ target account does not match origin account This auditor is special in that it is the only pass that is required to have -@emph{read-only} access to the exchange’s bank account (privilege separation). Its -main role is to verify that the wire transfers in the exchange’s database and +@emph{read-only} access to the exchange's bank account (privilege separation). Its +main role is to verify that the wire transfers in the exchange's database and those reported by the bank are identical. -This is from CodeBlau’s analysis. A proper write-up is pending. +This is from CodeBlau's analysis. A proper write-up is pending. CodeBlau reports the following checks: @@ -1934,7 +1919,7 @@ closing fee above total amount The main objective of the auditor is to detect inconsistencies. Thus, the @code{test-auditor.sh} script deliberately introduces various inconsistencies into -a synthetic exchange database. For this, an “normal” exchange database is +a synthetic exchange database. For this, an "normal" exchange database is first generated using the @code{taler-wallet-cli}. Then, various fields or rows of that database are manipulated, and the auditor is let loose on the modified database. Afterwards, the test verifies that the JSON contains values @@ -1947,13 +1932,13 @@ cover as many code paths as possible in both the exchange and the auditor. It should also ideally create all interesting possible variations of the exchange database fields (within the constraints of the database schema). -In general, @code{test-auditor.sh} runs the tests against an “old” database where +In general, @code{test-auditor.sh} runs the tests against an "old" database where some transactions are past the due-date (and hence the aggregator would trigger wire transfers), as well as a freshly generated exchange database where the auditor would not perform any transfers. Auditor interactions can be made before or after the aggregator, depending on what is being tested. -The current script also rudimentarily tests the auditor’s resume logic, +The current script also rudimentarily tests the auditor's resume logic, by re-starting the auditor once against a database that the auditor has already seen. diff --git a/texinfo/taler-bank.texi b/texinfo/taler-bank.texi index 1a90b590..919c731f 100644 --- a/texinfo/taler-bank.texi +++ b/texinfo/taler-bank.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team diff --git a/texinfo/taler-developer-manual.texi b/texinfo/taler-developer-manual.texi index 4896a6ff..8bad28d3 100644 --- a/texinfo/taler-developer-manual.texi +++ b/texinfo/taler-developer-manual.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team @@ -69,6 +69,7 @@ Copyright @copyright{} 2014-2021 Taler Systems SA (GPLv3+ or GFDL 1.3+) * GNU Taler Release Checklist:: * GNU Taler Demo Upgrade Checklist:: * Fundamentals:: +* Debian and Ubuntu Repositories:: * Language-Specific Guidelines:: * Taler Deployment on gv.taler.net: Taler Deployment on gv taler net. * Demo Upgrade Procedure:: @@ -103,13 +104,13 @@ Wallet: [ ] build wallet @item -[ ] verify wallet works against ‘test.taler.net’ +[ ] verify wallet works against 'test.taler.net' @item [ ] tag repo. @item -[ ] upgrade ‘demo.taler.net’ to ‘test.taler.net’ +[ ] upgrade 'demo.taler.net' to 'test.taler.net' @item [ ] upload new wallet release to app store @@ -133,7 +134,7 @@ For exchange: @itemize - @item -[ ] check no compiler warnings at “-Wall” +[ ] check no compiler warnings at "-Wall" @item [ ] ensure Coverity static analysis passes @@ -142,10 +143,10 @@ For exchange: [ ] make check. @item -[ ] upgrade ‘demo.taler.net’ to ‘test.taler.net’ +[ ] upgrade 'demo.taler.net' to 'test.taler.net' @item -[ ] make dist, make check on result of ‘make dist’. +[ ] make dist, make check on result of 'make dist'. @item [ ] Change version number in configure.ac. @@ -178,7 +179,7 @@ For merchant (C backend): @itemize - @item -[ ] check no compiler warnings at “-Wall” +[ ] check no compiler warnings at "-Wall" @item [ ] ensure Coverity static analysis passes @@ -187,10 +188,10 @@ For merchant (C backend): [ ] make check. @item -[ ] upgrade ‘demo.taler.net’ to ‘test.taler.net’ +[ ] upgrade 'demo.taler.net' to 'test.taler.net' @item -[ ] make dist, make check on result of ‘make dist’. +[ ] make dist, make check on result of 'make dist'. @item [ ] Change version number in configure.ac. @@ -365,7 +366,7 @@ and related components. It is not intended for a general audience. @end quotation @end cartouche -@node Fundamentals,Language-Specific Guidelines,GNU Taler Demo Upgrade Checklist,Top +@node Fundamentals,Debian and Ubuntu Repositories,GNU Taler Demo Upgrade Checklist,Top @anchor{taler-developer-manual fundamentals}@anchor{6} @chapter Fundamentals @@ -376,6 +377,7 @@ and related components. It is not intended for a general audience. * Committing code:: * Observing changes:: * Communication:: +* What to put in bootstrap:: @end menu @@ -486,7 +488,7 @@ our main dependencies, namely GNUnet and GNU libmicrohttpd. While it can be high volume, the lists is a good way to follow overall development. -@node Communication,,Observing changes,Fundamentals +@node Communication,What to put in bootstrap,Observing changes,Fundamentals @anchor{taler-developer-manual communication}@anchor{b} @section Communication @@ -497,8 +499,92 @@ all developers should probably subscribe to the low-volume Taler mailinglist. There are separate low-volume mailinglists for gnunet-developers (@@gnu.org) and for libmicrohttpd (@@gnu.org). -@node Language-Specific Guidelines,Taler Deployment on gv taler net,Fundamentals,Top -@anchor{taler-developer-manual language-specific-guidelines}@anchor{c} +@node What to put in bootstrap,,Communication,Fundamentals +@anchor{taler-developer-manual what-to-put-in-bootstrap}@anchor{c} +@section What to put in bootstrap + + +Each repository has a @code{bootstrap} script, which contains commands for the +developer to run after a repository checkout (i.e., after @code{git clone} or +@code{git pull}). +Typically, this updates and initializes submodules, prepares the tool chain, +and runs @code{autoreconf}. +The last step generates the @code{configure} script, whether for immediate use or +for inclusion in the distribution tarball. + +One common submodule is @code{contrib/gana}, which pulls from the +GNUnet GANA repository@footnote{https://git.gnunet.org/gana.git/}. +For example, in the +Taler exchange repository@footnote{https://git.taler.net/exchange.git}, +the bootstrap script eventually runs the @code{git submodule update} command +early on, and later runs script @code{./contrib/gana.sh}, which in turn +runs script @code{./contrib/gana-update.sh}, which performs various tasks, +such as generating the file @code{src/include/taler_signatures.h}. + +Thus, to update that file, you need to: + + +@itemize - + +@item +(in GANA repo) Find a suitable (unused) name and number for the Signature +Purposes database. + +@item +Add it to GANA, in @code{gnunet-signatures/registry.rec}. +(You can check for uniqueness with the @code{recfix} utility.) + +@item +Commit the change, and push it to the GANA Git repo. + +@item +(in Taler Repo) Change directory to @code{contrib/gana} and run +command @code{git pull} there. + +@item +Bootstrap, configure, do @code{make install}, @code{make check}, etc. +(Basically, make sure the change does not break anything.) + +@item +Commit the submodule change, and push it to the Taler exchange Git repo. +@end itemize + +A similiar procedure is required for other databases in GANA. +See file @code{README} in the various directories for specific instructions. + +@node Debian and Ubuntu Repositories,Language-Specific Guidelines,Fundamentals,Top +@anchor{taler-developer-manual debian-and-ubuntu-repositories}@anchor{d} +@chapter Debian and Ubuntu Repositories + + +We package our software for Debian and Ubuntu. + +@menu +* Nightly Repositories:: + +@end menu + +@node Nightly Repositories,,,Debian and Ubuntu Repositories +@anchor{taler-developer-manual nightly-repositories}@anchor{e} +@section Nightly Repositories + + +To try the latest, unstable and untested versions of packages, +you can add the nightly package sources. + +@example +# For Ubuntu (focal-fossa) +$ echo "deb https://deb.taler.net/apt-nightly focal-taler-nightly main" > /etc/apt/sources.list.d/taler.list + +# For Debian (bullseye) +$ echo "deb https://deb.taler.net/apt-nightly bullseye-taler-nightly main" > /etc/apt/sources.list.d/taler.list + +# Both: Install signing key for nightly packages +$ wget -O - https://taler.net/taler-systems-nightly.gpg.key | apt-key add - +@end example + +@node Language-Specific Guidelines,Taler Deployment on gv taler net,Debian and Ubuntu Repositories,Top +@anchor{taler-developer-manual language-specific-guidelines}@anchor{f} @chapter Language-Specific Guidelines @@ -510,7 +596,7 @@ Python Guidelines @end itemize @node Taler Deployment on gv taler net,Demo Upgrade Procedure,Language-Specific Guidelines,Top -@anchor{taler-developer-manual taler-deployment-on-gv-taler-net}@anchor{d} +@anchor{taler-developer-manual taler-deployment-on-gv-taler-net}@anchor{10} @chapter Taler Deployment on gv.taler.net @@ -531,7 +617,7 @@ Taler payments at BFH in the future. @end menu @node DNS,User Acccounts,,Taler Deployment on gv taler net -@anchor{taler-developer-manual dns}@anchor{e} +@anchor{taler-developer-manual dns}@anchor{11} @section DNS @@ -540,7 +626,7 @@ maintainers, specifically Christian and Florian. If you need a sub-domain to be added, please contact one of them. @node User Acccounts,,DNS,Taler Deployment on gv taler net -@anchor{taler-developer-manual user-acccounts}@anchor{f} +@anchor{taler-developer-manual user-acccounts}@anchor{12} @section User Acccounts @@ -576,7 +662,7 @@ user can be switched to become active (see next section), and vice versa. @end itemize @node Demo Upgrade Procedure,Environments and Builders on taler net,Taler Deployment on gv taler net,Top -@anchor{taler-developer-manual demo-upgrade-procedure}@anchor{10} +@anchor{taler-developer-manual demo-upgrade-procedure}@anchor{13} @chapter Demo Upgrade Procedure @@ -601,7 +687,7 @@ sure everything is working. @end menu @node Tagging components,Environment Layout,,Demo Upgrade Procedure -@anchor{taler-developer-manual tagging-components}@anchor{11} +@anchor{taler-developer-manual tagging-components}@anchor{14} @section Tagging components @@ -617,7 +703,7 @@ SS = serial @end example @node Environment Layout,Using envcfg py,Tagging components,Demo Upgrade Procedure -@anchor{taler-developer-manual environment-layout}@anchor{12} +@anchor{taler-developer-manual environment-layout}@anchor{15} @section Environment Layout @@ -640,7 +726,7 @@ On @code{demo-blue} and @code{demo-green}, @code{taler-data} is a symlink pointi instead of a directory. @node Using envcfg py,Bootstrapping an Environment,Environment Layout,Demo Upgrade Procedure -@anchor{taler-developer-manual using-envcfg-py}@anchor{13} +@anchor{taler-developer-manual using-envcfg-py}@anchor{16} @section Using envcfg.py @@ -671,7 +757,7 @@ Currently only the variables @code{env} and @code{tag_$@{component@}} are used. When deploying to @code{demo}, the @code{envcfg.py} should be committed to @code{deployment.git/envcfg/envcfg-demo-YYYY-MM-DD-SS.py}. @node Bootstrapping an Environment,Upgrading an Existing Environment,Using envcfg py,Demo Upgrade Procedure -@anchor{taler-developer-manual bootstrapping-an-environment}@anchor{14} +@anchor{taler-developer-manual bootstrapping-an-environment}@anchor{17} @section Bootstrapping an Environment @@ -689,7 +775,7 @@ $ taler-config-instances @end example @node Upgrading an Existing Environment,Switching Demo Colors,Bootstrapping an Environment,Demo Upgrade Procedure -@anchor{taler-developer-manual upgrading-an-existing-environment}@anchor{15} +@anchor{taler-developer-manual upgrading-an-existing-environment}@anchor{18} @section Upgrading an Existing Environment @@ -705,7 +791,7 @@ $ taler-deployment-arm -I # check everything works @end example @node Switching Demo Colors,,Upgrading an Existing Environment,Demo Upgrade Procedure -@anchor{taler-developer-manual switching-demo-colors}@anchor{16} +@anchor{taler-developer-manual switching-demo-colors}@anchor{19} @section Switching Demo Colors @@ -717,7 +803,7 @@ $ taler-deployment switch-demo @end example @node Environments and Builders on taler net,Releases,Demo Upgrade Procedure,Top -@anchor{taler-developer-manual environments-and-builders-on-taler-net}@anchor{17} +@anchor{taler-developer-manual environments-and-builders-on-taler-net}@anchor{1a} @chapter Environments and Builders on taler.net @@ -734,7 +820,7 @@ $ taler-deployment switch-demo @end menu @node Buildbot implementation,Documentation Builder,,Environments and Builders on taler net -@anchor{taler-developer-manual buildbot-implementation}@anchor{18} +@anchor{taler-developer-manual buildbot-implementation}@anchor{1b} @section Buildbot implementation @@ -779,13 +865,13 @@ Create a worker from a shell account with this command: @code{buildbot-worker cr Then make sure there is a WORKER defined in master.cfg like: @code{worker.Worker("<username>", "<password>")} @node Documentation Builder,Website Builder,Buildbot implementation,Environments and Builders on taler net -@anchor{taler-developer-manual documentation-builder}@anchor{19} +@anchor{taler-developer-manual documentation-builder}@anchor{1c} @section Documentation Builder All the Taler documentation is built by the user @code{docbuilder} that runs a Buildbot worker. The following commands set the @code{docbuilder} up, -starting with a empty home directory. +starting with an empty home directory. @example # Log-in as the 'docbuilder' user. @@ -801,13 +887,13 @@ $ buildbot-worker start worker/ @end example @node Website Builder,Code coverage,Documentation Builder,Environments and Builders on taler net -@anchor{taler-developer-manual website-builder}@anchor{1a} +@anchor{taler-developer-manual website-builder}@anchor{1d} @section Website Builder Taler Websites, @code{www.taler.net} and @code{stage.taler.net}, are built by the user @code{taler-websites} by the means of a Buildbot worker. The following -commands set the @code{taler-websites} up, starting with a empty home directory. +commands set the @code{taler-websites} up, starting with an empty home directory. @example # Log-in as the 'taler-websites' user. @@ -823,7 +909,7 @@ $ buildbot-worker start worker/ @end example @node Code coverage,Service Checker,Website Builder,Environments and Builders on taler net -@anchor{taler-developer-manual code-coverage}@anchor{1b} +@anchor{taler-developer-manual code-coverage}@anchor{1e} @section Code coverage @@ -846,7 +932,7 @@ $ buildbot-worker start worker/ The results are then published at @code{https://lcov.taler.net/}. @node Service Checker,Tipping reserve top-up,Code coverage,Environments and Builders on taler net -@anchor{taler-developer-manual service-checker}@anchor{1c} +@anchor{taler-developer-manual service-checker}@anchor{1f} @section Service Checker @@ -868,7 +954,7 @@ $ buildbot-worker start worker/ @end example @node Tipping reserve top-up,Producing auditor reports,Service Checker,Environments and Builders on taler net -@anchor{taler-developer-manual tipping-reserve-top-up}@anchor{1d} +@anchor{taler-developer-manual tipping-reserve-top-up}@anchor{20} @section Tipping reserve top-up @@ -889,7 +975,7 @@ $ buildbot-worker start worker/ @end example @node Producing auditor reports,Database schema versioning,Tipping reserve top-up,Environments and Builders on taler net -@anchor{taler-developer-manual producing-auditor-reports}@anchor{1e} +@anchor{taler-developer-manual producing-auditor-reports}@anchor{21} @section Producing auditor reports @@ -910,11 +996,11 @@ $ buildbot-worker start worker/ @end example @node Database schema versioning,,Producing auditor reports,Environments and Builders on taler net -@anchor{taler-developer-manual database-schema-versioning}@anchor{1f} +@anchor{taler-developer-manual database-schema-versioning}@anchor{22} @section Database schema versioning -The Postgres databases of the exchange and the auditor are versioned. +The PostgreSQL databases of the exchange and the auditor are versioned. See the 0000.sql file in the respective directory for documentation. Every set of changes to the database schema must be stored in a new @@ -926,7 +1012,7 @@ Developers and operators MUST NOT make changes to database schema outside of this versioning. @node Releases,Continuous integration,Environments and Builders on taler net,Top -@anchor{taler-developer-manual releases}@anchor{20} +@anchor{taler-developer-manual releases}@anchor{23} @chapter Releases @@ -942,7 +1028,7 @@ outside of this versioning. @end menu @node Release Process and Checklists,Tagging,,Releases -@anchor{taler-developer-manual release-process-and-checklists}@anchor{21} +@anchor{taler-developer-manual release-process-and-checklists}@anchor{24} @section Release Process and Checklists @@ -976,7 +1062,7 @@ taler-wallet-webex (wallet-webex.git) @end itemize @node Tagging,Database for tests,Release Process and Checklists,Releases -@anchor{taler-developer-manual tagging}@anchor{22} +@anchor{taler-developer-manual tagging}@anchor{25} @section Tagging @@ -988,7 +1074,7 @@ $ git push origin v0.1.0 @end example @node Database for tests,Exchange merchant,Tagging,Releases -@anchor{taler-developer-manual database-for-tests}@anchor{23} +@anchor{taler-developer-manual database-for-tests}@anchor{26} @section Database for tests @@ -1006,7 +1092,7 @@ unauthorized access. @end cartouche @node Exchange merchant,Wallet WebExtension,Database for tests,Releases -@anchor{taler-developer-manual exchange-merchant}@anchor{24} +@anchor{taler-developer-manual exchange-merchant}@anchor{27} @section Exchange, merchant @@ -1065,7 +1151,7 @@ $ make install check @end example @node Wallet WebExtension,Upload to GNU mirrors,Exchange merchant,Releases -@anchor{taler-developer-manual wallet-webextension}@anchor{25} +@anchor{taler-developer-manual wallet-webextension}@anchor{28} @section Wallet WebExtension @@ -1079,7 +1165,7 @@ $ make dist @end example @node Upload to GNU mirrors,Creating Debian packages,Wallet WebExtension,Releases -@anchor{taler-developer-manual upload-to-gnu-mirrors}@anchor{26} +@anchor{taler-developer-manual upload-to-gnu-mirrors}@anchor{29} @section Upload to GNU mirrors @@ -1096,7 +1182,7 @@ filename: taler-exchange-0.1.0.tar.gz Upload the files in @strong{binary mode} to the ftp servers. @node Creating Debian packages,,Upload to GNU mirrors,Releases -@anchor{taler-developer-manual creating-debian-packages}@anchor{27} +@anchor{taler-developer-manual creating-debian-packages}@anchor{2a} @section Creating Debian packages @@ -1114,24 +1200,26 @@ in the respective source directory (GNUnet, exchange, merchant) to create the @code{.deb} files. Note that they will be created in the parent directory. This can be done on gv.taler.net, or on another (secure) machine. +On @code{gv}, we use the @code{aptbuilder} user to manage the reprepro repository. + Next, the @code{*.deb} files should be copied to gv.taler.net, say to -@code{/root/incoming}. Then, run +@code{/home/aptbuilder/incoming}. Then, run @example -# cd /var/www/repos/apt/debian/ -# reprepro includedeb sid /root/incoming/*.deb +# cd /home/aptbuilder/apt +# reprepro includedeb bullseye ~/incoming/*.deb @end example -to import all Debian files from @code{/root/incoming/} into the @code{sid} +to import all Debian files from @code{~/incoming/} into the @code{bullseye} distribution. If Debian packages were build against other distributions, reprepro may need to be first configured for those and the import command updated accordingly. -Finally, make sure to clean up @code{/root/incoming/} (by deleting the +Finally, make sure to clean up @code{~/incoming/} (by deleting the now imported @code{*.deb} files). @node Continuous integration,Internationalization,Releases,Top -@anchor{taler-developer-manual continuous-integration}@anchor{28} +@anchor{taler-developer-manual continuous-integration}@anchor{2b} @chapter Continuous integration @@ -1149,7 +1237,7 @@ There is also the possibility to trigger builds manually, but this is only reserved to “admin” users. @node Internationalization,Android Apps,Continuous integration,Top -@anchor{taler-developer-manual internationalization}@anchor{29} +@anchor{taler-developer-manual internationalization}@anchor{2c} @chapter Internationalization @@ -1170,14 +1258,14 @@ At this time, this system is still very new for Taler.net and this documentation @end menu @node Who can Register,About Privilege Levels,,Internationalization -@anchor{taler-developer-manual who-can-register}@anchor{2a} +@anchor{taler-developer-manual who-can-register}@anchor{2d} @section Who can Register At this time, anyone can register an account at @indicateurl{https://weblate.taler.net/} to create translations. Registered users default to the @strong{Users} and @strong{Viewers} privilege level. @node About Privilege Levels,Upgrading Privileges,Who can Register,Internationalization -@anchor{taler-developer-manual about-privilege-levels}@anchor{2b} +@anchor{taler-developer-manual about-privilege-levels}@anchor{2e} @section About Privilege Levels @@ -1200,21 +1288,21 @@ This is the breakdown of privilege levels in Weblate: @end itemize @node Upgrading Privileges,How to Create a Project,About Privilege Levels,Internationalization -@anchor{taler-developer-manual upgrading-privileges}@anchor{2c} +@anchor{taler-developer-manual upgrading-privileges}@anchor{2f} @section Upgrading Privileges To upgrade from @strong{Users}/@strong{Viewers}, a superuser must manually augment your privileges. At this time, superusers are Christian, Florian, and Buck. @node How to Create a Project,How to Create a Component,Upgrading Privileges,Internationalization -@anchor{taler-developer-manual how-to-create-a-project}@anchor{2d} +@anchor{taler-developer-manual how-to-create-a-project}@anchor{30} @section How to Create a Project The @emph{GNU Taler} project is probably the correct project for most Components and Translations falling under this guide. Please contact a superuser if you need another Project created. @node How to Create a Component,How to Create a Translation,How to Create a Project,Internationalization -@anchor{taler-developer-manual how-to-create-a-component}@anchor{2e} +@anchor{taler-developer-manual how-to-create-a-component}@anchor{31} @section How to Create a Component @@ -1254,7 +1342,7 @@ Under @emph{https://weblate.taler.net/create/component/vcs/}: @end itemize @node How to Create a Translation,Translation Standards and Practices,How to Create a Component,Internationalization -@anchor{taler-developer-manual how-to-create-a-translation}@anchor{2f} +@anchor{taler-developer-manual how-to-create-a-translation}@anchor{32} @section How to Create a Translation @@ -1273,7 +1361,7 @@ Under @emph{https://weblate.taler.net/create/component/vcs/}: You may also wish to refer to @indicateurl{https://docs.weblate.org/} . @node Translation Standards and Practices,GPG Signing of Translations,How to Create a Translation,Internationalization -@anchor{taler-developer-manual translation-standards-and-practices}@anchor{30} +@anchor{taler-developer-manual translation-standards-and-practices}@anchor{33} @section Translation Standards and Practices @@ -1284,7 +1372,7 @@ When asked, set the license to GPLv3 or later. Set commit/push to manual only. @node GPG Signing of Translations,,Translation Standards and Practices,Internationalization -@anchor{taler-developer-manual gpg-signing-of-translations}@anchor{31} +@anchor{taler-developer-manual gpg-signing-of-translations}@anchor{34} @section GPG Signing of Translations @@ -1293,7 +1381,7 @@ weblate.taler.net signs GPG commits with the GPG key CD33CE35801462FA5EB0B695F26 This means that contributions made through weblate will not be signed with the individual contributor’s key when they are checked into the Git repository, but with the weblate key. @node Android Apps,Code Coverage,Internationalization,Top -@anchor{taler-developer-manual android-apps}@anchor{32} +@anchor{taler-developer-manual android-apps}@anchor{35} @chapter Android Apps @@ -1306,7 +1394,7 @@ This means that contributions made through weblate will not be signed with the i @end menu @node Android App Nightly Builds,Building apps from source,,Android Apps -@anchor{taler-developer-manual android-app-nightly-builds}@anchor{33} +@anchor{taler-developer-manual android-app-nightly-builds}@anchor{36} @section Android App Nightly Builds @@ -1357,7 +1445,7 @@ Use at your own risk! @end cartouche @node Building apps from source,Update translations,Android App Nightly Builds,Android Apps -@anchor{taler-developer-manual build-apps-from-source}@anchor{34}@anchor{taler-developer-manual building-apps-from-source}@anchor{35} +@anchor{taler-developer-manual build-apps-from-source}@anchor{37}@anchor{taler-developer-manual building-apps-from-source}@anchor{38} @section Building apps from source @@ -1443,7 +1531,7 @@ After the build finished successfully, you will find your APK in @code{merchant-terminal/build/outputs/apk/release/}. @node Update translations,Release process,Building apps from source,Android Apps -@anchor{taler-developer-manual update-translations}@anchor{36} +@anchor{taler-developer-manual update-translations}@anchor{39} @section Update translations @@ -1477,7 +1565,7 @@ Afterwards, build the entire project from source and test the UI to ensure that no erroneous translations (missing placeholders) are breaking things. @node Release process,,Update translations,Android Apps -@anchor{taler-developer-manual release-process}@anchor{37} +@anchor{taler-developer-manual release-process}@anchor{3a} @section Release process @@ -1508,7 +1596,7 @@ $ git tag -s $APP-$VERSION @end menu @node F-Droid,Google Play,,Release process -@anchor{taler-developer-manual id1}@anchor{38} +@anchor{taler-developer-manual id1}@anchor{3b} @subsection F-Droid @@ -1532,7 +1620,7 @@ PoS: [metadata@footnote{https://gitlab.com/fdroid/fdroiddata/-/blob/master/metad @end itemize @node Google Play,,F-Droid,Release process -@anchor{taler-developer-manual google-play}@anchor{39} +@anchor{taler-developer-manual google-play}@anchor{3c} @subsection Google Play @@ -1554,7 +1642,7 @@ All uploads are going to the beta track by default. These can be promoted to production later or immediately after upload if you feel daring. @node Code Coverage,Coding Conventions,Android Apps,Top -@anchor{taler-developer-manual id2}@anchor{3a}@anchor{taler-developer-manual id3}@anchor{3b} +@anchor{taler-developer-manual id2}@anchor{3d}@anchor{taler-developer-manual id3}@anchor{3e} @chapter Code Coverage @@ -1564,7 +1652,7 @@ nightly (once a day) by a Buildbot worker. The coverage results are then published at @indicateurl{https://lcov.taler.net/} . @node Coding Conventions,Testing library,Code Coverage,Top -@anchor{taler-developer-manual coding-conventions}@anchor{3c} +@anchor{taler-developer-manual coding-conventions}@anchor{3f} @chapter Coding Conventions @@ -1579,7 +1667,7 @@ GNU Taler is developed primarily in C, Kotlin, Python and TypeScript. @end menu @node Components written in C,Shell Scripts,,Coding Conventions -@anchor{taler-developer-manual components-written-in-c}@anchor{3d} +@anchor{taler-developer-manual components-written-in-c}@anchor{40} @section Components written in C @@ -1599,7 +1687,7 @@ by the GNUnet style: @indicateurl{https://docs.gnunet.org/handbook/gnunet.html#C @end menu @node Naming conventions,,,Components written in C -@anchor{taler-developer-manual naming-conventions}@anchor{3e} +@anchor{taler-developer-manual naming-conventions}@anchor{41} @subsection Naming conventions @@ -1760,7 +1848,7 @@ must be called “perf_module-under-test_case-description.c” @end itemize @node Shell Scripts,Kotlin,Components written in C,Coding Conventions -@anchor{taler-developer-manual shell-scripts}@anchor{3f} +@anchor{taler-developer-manual shell-scripts}@anchor{42} @section Shell Scripts @@ -1787,7 +1875,7 @@ $ set -eu @end example @node Kotlin,Python,Shell Scripts,Coding Conventions -@anchor{taler-developer-manual kotlin}@anchor{40} +@anchor{taler-developer-manual kotlin}@anchor{43} @section Kotlin @@ -1795,7 +1883,7 @@ We so far have no specific guidelines, please follow best practices for the language. @node Python,,Kotlin,Coding Conventions -@anchor{taler-developer-manual python}@anchor{41} +@anchor{taler-developer-manual python}@anchor{44} @section Python @@ -1807,14 +1895,14 @@ for the language. @end menu @node Supported Python Versions,Style,,Python -@anchor{taler-developer-manual supported-python-versions}@anchor{42} +@anchor{taler-developer-manual supported-python-versions}@anchor{45} @subsection Supported Python Versions Python code should be written and build against version 3.7 of Python. @node Style,Python for Scripting,Supported Python Versions,Python -@anchor{taler-developer-manual style}@anchor{43} +@anchor{taler-developer-manual style}@anchor{46} @subsection Style @@ -1824,7 +1912,7 @@ A reusable yapf style file can be found in @code{build-common}, which is intended to be used as a git submodule. @node Python for Scripting,,Style,Python -@anchor{taler-developer-manual python-for-scripting}@anchor{44} +@anchor{taler-developer-manual python-for-scripting}@anchor{47} @subsection Python for Scripting @@ -1846,7 +1934,7 @@ over the older APIs. @end itemize @node Testing library,User-Facing Terminology,Coding Conventions,Top -@anchor{taler-developer-manual testing-library}@anchor{45} +@anchor{taler-developer-manual testing-library}@anchor{48} @chapter Testing library @@ -1854,7 +1942,7 @@ This chapter is a VERY ABSTRACT description of how testing is implemented in Taler, and in NO WAY wants to substitute the reading of the actual source code by the user. -In Taler, a test case is a array of @code{struct TALER_TESTING_Command}, +In Taler, a test case is an array of @code{struct TALER_TESTING_Command}, informally referred to as @code{CMD}, that is iteratively executed by the testing interpreter. This latter is transparently initiated by the testing library. @@ -1877,7 +1965,7 @@ CMDs: for example, CMD1 may create some key material and CMD2 needs this key material to encrypt data. The offering of internal values from CMD1 to CMD2 is made by @emph{traits}. A -trait is a @code{struct TALER_TESTING_Trait}, and each CMD contains a array +trait is a @code{struct TALER_TESTING_Trait}, and each CMD contains an array of traits, that it offers via the public trait interface to other commands. The definition and filling of such array happens transparently to the test developer. @@ -1919,7 +2007,7 @@ Please refer to the Twister codebase (under the @code{test} directory) in order to see how to configure it. @node User-Facing Terminology,Developer Glossary,Testing library,Top -@anchor{taler-developer-manual user-facing-terminology}@anchor{46} +@anchor{taler-developer-manual user-facing-terminology}@anchor{49} @chapter User-Facing Terminology @@ -1933,7 +2021,7 @@ used in the user interface and help materials. @end menu @node Terms to Avoid,Terms to Use,,User-Facing Terminology -@anchor{taler-developer-manual terms-to-avoid}@anchor{47} +@anchor{taler-developer-manual terms-to-avoid}@anchor{4a} @section Terms to Avoid @@ -2002,7 +2090,7 @@ with their payment. Can also be something like a donation receipt. @end table @node Terms to Use,,Terms to Avoid,User-Facing Terminology -@anchor{taler-developer-manual terms-to-use}@anchor{48} +@anchor{taler-developer-manual terms-to-use}@anchor{4b} @section Terms to Use @@ -2054,7 +2142,7 @@ and payments. @end table @node Developer Glossary,Developer Tools,User-Facing Terminology,Top -@anchor{taler-developer-manual developer-glossary}@anchor{49} +@anchor{taler-developer-manual developer-glossary}@anchor{4c} @chapter Developer Glossary @@ -2063,137 +2151,137 @@ use when talking to end users or even system administrators. @table @asis -@anchor{taler-developer-manual term-absolute-time}@anchor{4a} +@anchor{taler-developer-manual term-absolute-time}@anchor{4d} @geindex absolute time @item absolute time -method of keeping time in @ref{4b,,GNUnet} where the time is represented +method of keeping time in @ref{4e,,GNUnet} where the time is represented as the number of microseconds since 1.1.1970 (UNIX epoch). Called -absolute time in contrast to @ref{4c,,relative time}. -@anchor{taler-developer-manual term-aggregate}@anchor{4d} +absolute time in contrast to @ref{4f,,relative time}. +@anchor{taler-developer-manual term-aggregate}@anchor{50} @geindex aggregate @item aggregate -the @ref{4e,,exchange} combines multiple payments received by the -same @ref{4f,,merchant} into one larger @ref{50,,wire transfer} to -the respective merchant’s @ref{51,,bank} account -@anchor{taler-developer-manual term-auditor}@anchor{52} +the @ref{51,,exchange} combines multiple payments received by the +same @ref{52,,merchant} into one larger @ref{53,,wire transfer} to +the respective merchant’s @ref{54,,bank} account +@anchor{taler-developer-manual term-auditor}@anchor{55} @geindex auditor @item auditor -trusted third party that verifies that the @ref{4e,,exchange} is operating correctly -@anchor{taler-developer-manual term-bank}@anchor{51} +trusted third party that verifies that the @ref{51,,exchange} is operating correctly +@anchor{taler-developer-manual term-bank}@anchor{54} @geindex bank @item bank -traditional financial service provider who offers wire @ref{53,,transfers} between accounts -@anchor{taler-developer-manual term-buyer}@anchor{54} +traditional financial service provider who offers wire @ref{56,,transfers} between accounts +@anchor{taler-developer-manual term-buyer}@anchor{57} @geindex buyer @item buyer -individual in control of a Taler @ref{55,,wallet}, usually using it to -@ref{56,,spend} the @ref{57,,coins} on @ref{58,,contracts} (see also @ref{59,,customer}). -@anchor{taler-developer-manual term-close}@anchor{5a} +individual in control of a Taler @ref{58,,wallet}, usually using it to +@ref{59,,spend} the @ref{5a,,coins} on @ref{5b,,contracts} (see also @ref{5c,,customer}). +@anchor{taler-developer-manual term-close}@anchor{5d} @geindex close -@item close@anchor{taler-developer-manual term-closes}@anchor{5b} +@item close@anchor{taler-developer-manual term-closes}@anchor{5e} @geindex closes -@itemx closes@anchor{taler-developer-manual term-closed}@anchor{5c} +@itemx closes@anchor{taler-developer-manual term-closed}@anchor{5f} @geindex closed -@itemx closed@anchor{taler-developer-manual term-closing}@anchor{5d} +@itemx closed@anchor{taler-developer-manual term-closing}@anchor{60} @geindex closing @itemx closing -operation an @ref{4e,,exchange} performs on a @ref{5e,,reserve} that has not been -@ref{5f,,drained} by @ref{60,,withdraw} operations. When closing a reserve, the -exchange wires the remaining funds back to the customer, minus a @ref{61,,fee} +operation an @ref{51,,exchange} performs on a @ref{61,,reserve} that has not been +@ref{62,,drained} by @ref{63,,withdraw} operations. When closing a reserve, the +exchange wires the remaining funds back to the customer, minus a @ref{64,,fee} for closing -@anchor{taler-developer-manual term-coin}@anchor{62} +@anchor{taler-developer-manual term-coin}@anchor{65} @geindex coin -@item coin@anchor{taler-developer-manual term-coins}@anchor{57} +@item coin@anchor{taler-developer-manual term-coins}@anchor{5a} @geindex coins @itemx coins -coins are individual token representing a certain amount of value, also known as the @ref{63,,denomination} of the coin -@anchor{taler-developer-manual term-commitment}@anchor{64} +coins are individual token representing a certain amount of value, also known as the @ref{66,,denomination} of the coin +@anchor{taler-developer-manual term-commitment}@anchor{67} @geindex commitment -@item commitment@anchor{taler-developer-manual term-refresh-commitment}@anchor{65} +@item commitment@anchor{taler-developer-manual term-refresh-commitment}@anchor{68} @geindex refresh commitment @itemx refresh commitment -data that the wallet commits to during the @ref{66,,melt} stage of the -@ref{67,,refresh} protocol where it -has to prove to the @ref{4e,,exchange} that it is deriving the @ref{68,,fresh} +data that the wallet commits to during the @ref{69,,melt} stage of the +@ref{6a,,refresh} protocol where it +has to prove to the @ref{51,,exchange} that it is deriving the @ref{6b,,fresh} coins as specified by the Taler protocol. The commitment is verified -probabilistically (see: @ref{69,,kappa}) during the @ref{6a,,reveal} stage. -@anchor{taler-developer-manual term-contract}@anchor{6b} +probabilistically (see: @ref{6c,,kappa}) during the @ref{6d,,reveal} stage. +@anchor{taler-developer-manual term-contract}@anchor{6e} @geindex contract -@item contract@anchor{taler-developer-manual term-contracts}@anchor{58} +@item contract@anchor{taler-developer-manual term-contracts}@anchor{5b} @geindex contracts @itemx contracts -formal agreement between @ref{4f,,merchant} and @ref{59,,customer} specifying the -@ref{6c,,contract terms} and signed by the merchant and the @ref{57,,coins} of the +formal agreement between @ref{52,,merchant} and @ref{5c,,customer} specifying the +@ref{6f,,contract terms} and signed by the merchant and the @ref{5a,,coins} of the customer -@anchor{taler-developer-manual term-contract-terms}@anchor{6c} +@anchor{taler-developer-manual term-contract-terms}@anchor{6f} @geindex contract terms @item contract terms the individual clauses specifying what the buyer is purchasing from the -@ref{4f,,merchant} -@anchor{taler-developer-manual term-customer}@anchor{59} +@ref{52,,merchant} +@anchor{taler-developer-manual term-customer}@anchor{5c} @geindex customer @item customer individual that directs the buyer (perhaps the same individual) to make a purchase -@anchor{taler-developer-manual term-denomination}@anchor{63} +@anchor{taler-developer-manual term-denomination}@anchor{66} @geindex denomination @item denomination -unit of currency, specifies both the currency and the face value of a @ref{62,,coin}, +unit of currency, specifies both the currency and the face value of a @ref{65,,coin}, as well as associated fees and validity periods -@anchor{taler-developer-manual term-denomination-key}@anchor{6d} +@anchor{taler-developer-manual term-denomination-key}@anchor{70} @geindex denomination key @item denomination key -(RSA) key used by the exchange to certify that a given @ref{62,,coin} is valid and of a -particular @ref{63,,denomination} -@anchor{taler-developer-manual term-deposit}@anchor{6e} +(RSA) key used by the exchange to certify that a given @ref{65,,coin} is valid and of a +particular @ref{66,,denomination} +@anchor{taler-developer-manual term-deposit}@anchor{71} @geindex deposit -@item deposit@anchor{taler-developer-manual term-deposits}@anchor{6f} +@item deposit@anchor{taler-developer-manual term-deposits}@anchor{72} @geindex deposits -@itemx deposits@anchor{taler-developer-manual term-depositing}@anchor{70} +@itemx deposits@anchor{taler-developer-manual term-depositing}@anchor{73} @geindex depositing @itemx depositing operation by which a merchant passes coins to an exchange, expecting the exchange to credit his bank account in the future using an -@ref{4d,,aggregate} @ref{50,,wire transfer} -@anchor{taler-developer-manual term-dirty}@anchor{71} +@ref{50,,aggregate} @ref{53,,wire transfer} +@anchor{taler-developer-manual term-dirty}@anchor{74} @geindex dirty -@item dirty@anchor{taler-developer-manual term-dirty-coin}@anchor{72} +@item dirty@anchor{taler-developer-manual term-dirty-coin}@anchor{75} @geindex dirty coin @itemx dirty coin @@ -2201,30 +2289,30 @@ exchange to credit his bank account in the future using an a coin is dirty if its public key may be known to an entity other than the customer, thereby creating the danger of some entity being able to link multiple transactions of coin’s owner if the coin is not refreshed -@anchor{taler-developer-manual term-drain}@anchor{73} +@anchor{taler-developer-manual term-drain}@anchor{76} @geindex drain -@item drain@anchor{taler-developer-manual term-drained}@anchor{5f} +@item drain@anchor{taler-developer-manual term-drained}@anchor{62} @geindex drained @itemx drained -a @ref{5e,,reserve} is being drained when a @ref{55,,wallet} is using the -reserve’s private key to @ref{60,,withdraw} coins from it. This reduces +a @ref{61,,reserve} is being drained when a @ref{58,,wallet} is using the +reserve’s private key to @ref{63,,withdraw} coins from it. This reduces the balance of the reserve. Once the balance reaches zero, we say that the reserve has been (fully) drained. Reserves that are not drained -(which is the normal process) are @ref{5c,,closed} by the exchange. -@anchor{taler-developer-manual term-exchange}@anchor{4e} +(which is the normal process) are @ref{5f,,closed} by the exchange. +@anchor{taler-developer-manual term-exchange}@anchor{51} @geindex exchange @item exchange Taler’s payment service operator. Issues electronic coins during withdrawal and redeems them when they are deposited by merchants -@anchor{taler-developer-manual term-expired}@anchor{74} +@anchor{taler-developer-manual term-expired}@anchor{77} @geindex expired -@item expired@anchor{taler-developer-manual term-expiration}@anchor{75} +@item expired@anchor{taler-developer-manual term-expiration}@anchor{78} @geindex expiration @itemx expiration @@ -2238,47 +2326,47 @@ expiration, which specifies how long the exchange keeps records beyond the deposit expiration time. This latter expiration matters for legal disputes in courts and also creates an upper limit for refreshing operations on special zombie coin -@anchor{taler-developer-manual term-fakebank}@anchor{76} +@anchor{taler-developer-manual term-fakebank}@anchor{79} @geindex fakebank @item fakebank -implementation of the @ref{51,,bank} API in memory to be used only for test +implementation of the @ref{54,,bank} API in memory to be used only for test cases. -@anchor{taler-developer-manual term-fee}@anchor{61} +@anchor{taler-developer-manual term-fee}@anchor{64} @geindex fee @item fee -an @ref{4e,,exchange} charges various fees for its service. The different +an @ref{51,,exchange} charges various fees for its service. The different fees are specified in the protocol. There are fees per coin for -@ref{77,,withdrawing}, @ref{70,,depositing}, @ref{78,,melting}, and -@ref{79,,refunding}. Furthermore, there are fees per wire transfer -for @ref{5d,,closing} a @ref{5e,,reserve}: and for -@ref{4d,,aggregate} @ref{7a,,wire transfers} to the @ref{4f,,merchant}. -@anchor{taler-developer-manual term-fresh}@anchor{68} +@ref{7a,,withdrawing}, @ref{73,,depositing}, @ref{7b,,melting}, and +@ref{7c,,refunding}. Furthermore, there are fees per wire transfer +for @ref{60,,closing} a @ref{61,,reserve}: and for +@ref{50,,aggregate} @ref{7d,,wire transfers} to the @ref{52,,merchant}. +@anchor{taler-developer-manual term-fresh}@anchor{6b} @geindex fresh -@item fresh@anchor{taler-developer-manual term-fresh-coin}@anchor{7b} +@item fresh@anchor{taler-developer-manual term-fresh-coin}@anchor{7e} @geindex fresh coin @itemx fresh coin a coin is fresh if its public key is only known to the customer -@anchor{taler-developer-manual term-GNUnet}@anchor{4b} +@anchor{taler-developer-manual term-GNUnet}@anchor{4e} @geindex GNUnet @item GNUnet Codebase of various libraries for a better Internet, some of which GNU Taler depends upon. -@anchor{taler-developer-manual term-json}@anchor{7c} +@anchor{taler-developer-manual term-json}@anchor{7f} @geindex json -@item json@anchor{taler-developer-manual term-JSON}@anchor{7d} +@item json@anchor{taler-developer-manual term-JSON}@anchor{80} @geindex JSON -@itemx JSON@anchor{taler-developer-manual term-JavaScript-Object-Notation}@anchor{7e} +@itemx JSON@anchor{taler-developer-manual term-JavaScript-Object-Notation}@anchor{81} @geindex JavaScript Object Notation @itemx JavaScript Object Notation @@ -2286,190 +2374,190 @@ GNU Taler depends upon. serialization format derived from the JavaScript language which is commonly used in the Taler protocol as the payload of HTTP requests and responses. -@anchor{taler-developer-manual term-kappa}@anchor{69} +@anchor{taler-developer-manual term-kappa}@anchor{6c} @geindex kappa @item kappa -security parameter used in the @ref{67,,refresh} protocol. Defined to be 3. +security parameter used in the @ref{6a,,refresh} protocol. Defined to be 3. The probability of successfully evading the income transparency with the refresh protocol is 1:kappa. -@anchor{taler-developer-manual term-LibEuFin}@anchor{7f} +@anchor{taler-developer-manual term-LibEuFin}@anchor{82} @geindex LibEuFin @item LibEuFin FIXME: explain -@anchor{taler-developer-manual term-link}@anchor{80} +@anchor{taler-developer-manual term-link}@anchor{83} @geindex link -@item link@anchor{taler-developer-manual term-linking}@anchor{81} +@item link@anchor{taler-developer-manual term-linking}@anchor{84} @geindex linking @itemx linking -specific step in the @ref{67,,refresh} protocol that an exchange must offer -to prevent abuse of the @ref{67,,refresh} mechanism. The link step is +specific step in the @ref{6a,,refresh} protocol that an exchange must offer +to prevent abuse of the @ref{6a,,refresh} mechanism. The link step is not needed in normal operation, it just must be offered. -@anchor{taler-developer-manual term-master-key}@anchor{82} +@anchor{taler-developer-manual term-master-key}@anchor{85} @geindex master key @item master key offline key used by the exchange to certify denomination keys and message signing keys -@anchor{taler-developer-manual term-melt}@anchor{66} +@anchor{taler-developer-manual term-melt}@anchor{69} @geindex melt -@item melt@anchor{taler-developer-manual term-melted}@anchor{83} +@item melt@anchor{taler-developer-manual term-melted}@anchor{86} @geindex melted -@itemx melted@anchor{taler-developer-manual term-melting}@anchor{78} +@itemx melted@anchor{taler-developer-manual term-melting}@anchor{7b} @geindex melting @itemx melting -step of the @ref{67,,refresh} protocol where a @ref{72,,dirty coin} -is invalidated to be reborn @ref{68,,fresh} in a subsequent -@ref{6a,,reveal} step. -@anchor{taler-developer-manual term-merchant}@anchor{4f} +step of the @ref{6a,,refresh} protocol where a @ref{75,,dirty coin} +is invalidated to be reborn @ref{6b,,fresh} in a subsequent +@ref{6d,,reveal} step. +@anchor{taler-developer-manual term-merchant}@anchor{52} @geindex merchant @item merchant party receiving payments (usually in return for goods or services) -@anchor{taler-developer-manual term-message-signing-key}@anchor{84} +@anchor{taler-developer-manual term-message-signing-key}@anchor{87} @geindex message signing key @item message signing key key used by the exchange to sign online messages, other than coins -@anchor{taler-developer-manual term-order}@anchor{85} +@anchor{taler-developer-manual term-order}@anchor{88} @geindex order @item order FIXME: to be written! -@anchor{taler-developer-manual term-owner}@anchor{86} +@anchor{taler-developer-manual term-owner}@anchor{89} @geindex owner @item owner a coin is owned by the entity that knows the private key of the coin -@anchor{taler-developer-manual term-planchet}@anchor{87} +@anchor{taler-developer-manual term-planchet}@anchor{8a} @geindex planchet @item planchet -precursor data for a @ref{62,,coin}. A planchet includes the coin’s internal +precursor data for a @ref{65,,coin}. A planchet includes the coin’s internal secrets (coin private key, blinding factor), but lacks the RSA signature -of the @ref{4e,,exchange}. When @ref{77,,withdrawing}, a @ref{55,,wallet} +of the @ref{51,,exchange}. When @ref{7a,,withdrawing}, a @ref{58,,wallet} creates and persists a planchet before asking the exchange to sign it to get the coin. -@anchor{taler-developer-manual term-privacy-policy}@anchor{88} +@anchor{taler-developer-manual term-privacy-policy}@anchor{8b} @geindex privacy policy @item privacy policy Statement of an operator how they will protect the privacy of users. -@anchor{taler-developer-manual term-proof}@anchor{89} +@anchor{taler-developer-manual term-proof}@anchor{8c} @geindex proof @item proof Message that cryptographically demonstrates that a particular claim is correct. -@anchor{taler-developer-manual term-proposal}@anchor{8a} +@anchor{taler-developer-manual term-proposal}@anchor{8d} @geindex proposal @item proposal -a list of @ref{6c,,contract terms} that has been completed and signed by the +a list of @ref{6f,,contract terms} that has been completed and signed by the merchant backend. -@anchor{taler-developer-manual term-purchase}@anchor{8b} +@anchor{taler-developer-manual term-purchase}@anchor{8e} @geindex purchase @item purchase -Refers to the overall process of negotiating a @ref{6b,,contract} and then -making a payment with @ref{57,,coins} to a @ref{4f,,merchant}. -@anchor{taler-developer-manual term-recoup}@anchor{8c} +Refers to the overall process of negotiating a @ref{6e,,contract} and then +making a payment with @ref{5a,,coins} to a @ref{52,,merchant}. +@anchor{taler-developer-manual term-recoup}@anchor{8f} @geindex recoup @item recoup Operation by which an exchange returns the value of coins affected -by a @ref{8d,,revocation} to their @ref{86,,owner}, either by allowing the owner to -withdraw new coins or wiring funds back to the bank account of the @ref{86,,owner}. -@anchor{taler-developer-manual term-refresh}@anchor{67} +by a @ref{90,,revocation} to their @ref{89,,owner}, either by allowing the owner to +withdraw new coins or wiring funds back to the bank account of the @ref{89,,owner}. +@anchor{taler-developer-manual term-refresh}@anchor{6a} @geindex refresh -@item refresh@anchor{taler-developer-manual term-refreshing}@anchor{8e} +@item refresh@anchor{taler-developer-manual term-refreshing}@anchor{91} @geindex refreshing @itemx refreshing -operation by which a @ref{72,,dirty coin} is converted into one or more -@ref{68,,fresh} coins. Involves @ref{78,,melting} the @ref{72,,dirty coin} and -then @ref{8f,,revealing} so-called @ref{90,,transfer keys}. -@anchor{taler-developer-manual term-refund}@anchor{91} +operation by which a @ref{75,,dirty coin} is converted into one or more +@ref{6b,,fresh} coins. Involves @ref{7b,,melting} the @ref{75,,dirty coin} and +then @ref{92,,revealing} so-called @ref{93,,transfer keys}. +@anchor{taler-developer-manual term-refund}@anchor{94} @geindex refund -@item refund@anchor{taler-developer-manual term-refunding}@anchor{79} +@item refund@anchor{taler-developer-manual term-refunding}@anchor{7c} @geindex refunding @itemx refunding operation by which a merchant steps back from the right to funds that he -obtained from a @ref{6e,,deposit} operation, giving the right to the funds back +obtained from a @ref{71,,deposit} operation, giving the right to the funds back to the customer -@anchor{taler-developer-manual term-refund-transaction-id}@anchor{92} +@anchor{taler-developer-manual term-refund-transaction-id}@anchor{95} @geindex refund transaction id @item refund transaction id -unique number by which a merchant identifies a @ref{91,,refund}. Needed +unique number by which a merchant identifies a @ref{94,,refund}. Needed as refunds can be partial and thus there could be multiple refunds for -the same @ref{8b,,purchase}. -@anchor{taler-developer-manual term-relative-time}@anchor{4c} +the same @ref{8e,,purchase}. +@anchor{taler-developer-manual term-relative-time}@anchor{4f} @geindex relative time @item relative time -method of keeping time in @ref{4b,,GNUnet} where the time is represented +method of keeping time in @ref{4e,,GNUnet} where the time is represented as a relative number of microseconds. Thus, a relative time specifies an offset or a duration, but not a date. Called relative time in -contrast to @ref{4a,,absolute time}. -@anchor{taler-developer-manual term-reserve}@anchor{5e} +contrast to @ref{4d,,absolute time}. +@anchor{taler-developer-manual term-reserve}@anchor{61} @geindex reserve @item reserve accounting mechanism used by the exchange to track customer funds -from incoming @ref{7a,,wire transfers}. A reserve is created whenever +from incoming @ref{7d,,wire transfers}. A reserve is created whenever a customer wires money to the exchange using a well-formed public key -in the subject. The exchange then allows the customer’s @ref{55,,wallet} -to @ref{60,,withdraw} up to the amount received in @ref{68,,fresh} -@ref{57,,coins} from the reserve, thereby draining the reserve. If a -reserve is not drained, the exchange eventually @ref{5b,,closes} it. +in the subject. The exchange then allows the customer’s @ref{58,,wallet} +to @ref{63,,withdraw} up to the amount received in @ref{6b,,fresh} +@ref{5a,,coins} from the reserve, thereby draining the reserve. If a +reserve is not drained, the exchange eventually @ref{5e,,closes} it. Other definition: Funds set aside for future use; either the balance of a customer at the exchange ready for withdrawal, or the funds kept in the exchange;s bank account to cover obligations from coins in circulation. -@anchor{taler-developer-manual term-reveal}@anchor{6a} +@anchor{taler-developer-manual term-reveal}@anchor{6d} @geindex reveal -@item reveal@anchor{taler-developer-manual term-revealing}@anchor{8f} +@item reveal@anchor{taler-developer-manual term-revealing}@anchor{92} @geindex revealing @itemx revealing -step in the @ref{67,,refresh} protocol where some of the transfer private +step in the @ref{6a,,refresh} protocol where some of the transfer private keys are revealed to prove honest behavior on the part of the wallet. -In the reveal step, the exchange returns the signed @ref{68,,fresh} coins. -@anchor{taler-developer-manual term-revoke}@anchor{93} +In the reveal step, the exchange returns the signed @ref{6b,,fresh} coins. +@anchor{taler-developer-manual term-revoke}@anchor{96} @geindex revoke -@item revoke@anchor{taler-developer-manual term-revocation}@anchor{8d} +@item revoke@anchor{taler-developer-manual term-revocation}@anchor{90} @geindex revocation @itemx revocation @@ -2478,109 +2566,109 @@ exceptional operation by which an exchange withdraws a denomination from circulation, either because the signing key was compromised or because the exchange is going out of operation; unspent coins of a revoked denomination are subjected to recoup. -@anchor{taler-developer-manual term-sharing}@anchor{94} +@anchor{taler-developer-manual term-sharing}@anchor{97} @geindex sharing @item sharing -users can share ownership of a @ref{62,,coin} by sharing access to the coin's +users can share ownership of a @ref{65,,coin} by sharing access to the coin's private key, thereby allowing all co-owners to spend the coin at any time. -@anchor{taler-developer-manual term-spend}@anchor{56} +@anchor{taler-developer-manual term-spend}@anchor{59} @geindex spend -@item spend@anchor{taler-developer-manual term-spending}@anchor{95} +@item spend@anchor{taler-developer-manual term-spending}@anchor{98} @geindex spending @itemx spending operation by which a customer gives a merchant the right to deposit coins in return for merchandise -@anchor{taler-developer-manual term-terms}@anchor{96} +@anchor{taler-developer-manual term-terms}@anchor{99} @geindex terms @item terms the general terms of service of an operator, possibly including -the @ref{88,,privacy policy}. Not to be confused with the -@ref{6c,,contract terms} which are about the specific purchase. -@anchor{taler-developer-manual term-transaction}@anchor{97} +the @ref{8b,,privacy policy}. Not to be confused with the +@ref{6f,,contract terms} which are about the specific purchase. +@anchor{taler-developer-manual term-transaction}@anchor{9a} @geindex transaction @item transaction method by which ownership is exclusively transferred from one entity -@anchor{taler-developer-manual term-transfer}@anchor{53} +@anchor{taler-developer-manual term-transfer}@anchor{56} @geindex transfer -@item transfer@anchor{taler-developer-manual term-transfers}@anchor{98} +@item transfer@anchor{taler-developer-manual term-transfers}@anchor{9b} @geindex transfers -@itemx transfers@anchor{taler-developer-manual term-wire-transfer}@anchor{50} +@itemx transfers@anchor{taler-developer-manual term-wire-transfer}@anchor{53} @geindex wire transfer -@itemx wire transfer@anchor{taler-developer-manual term-wire-transfers}@anchor{7a} +@itemx wire transfer@anchor{taler-developer-manual term-wire-transfers}@anchor{7d} @geindex wire transfers @itemx wire transfers -method of sending funds between @ref{51,,bank} accounts -@anchor{taler-developer-manual term-transfer-key}@anchor{99} +method of sending funds between @ref{54,,bank} accounts +@anchor{taler-developer-manual term-transfer-key}@anchor{9c} @geindex transfer key -@item transfer key@anchor{taler-developer-manual term-transfer-keys}@anchor{90} +@item transfer key@anchor{taler-developer-manual term-transfer-keys}@anchor{93} @geindex transfer keys @itemx transfer keys -special cryptographic key used in the @ref{67,,refresh} protocol, some of which -are revealed during the @ref{6a,,reveal} step. Note that transfer keys have, -despite the name, no relationship to @ref{7a,,wire transfers}. They merely -help to transfer the value from a @ref{72,,dirty coin} to a @ref{7b,,fresh coin} -@anchor{taler-developer-manual term-user}@anchor{9a} +special cryptographic key used in the @ref{6a,,refresh} protocol, some of which +are revealed during the @ref{6d,,reveal} step. Note that transfer keys have, +despite the name, no relationship to @ref{7d,,wire transfers}. They merely +help to transfer the value from a @ref{75,,dirty coin} to a @ref{7e,,fresh coin} +@anchor{taler-developer-manual term-user}@anchor{9d} @geindex user @item user any individual using the Taler payment system -(see @ref{59,,customer}, @ref{54,,buyer}, @ref{4f,,merchant}). -@anchor{taler-developer-manual term-version}@anchor{9b} +(see @ref{5c,,customer}, @ref{57,,buyer}, @ref{52,,merchant}). +@anchor{taler-developer-manual term-version}@anchor{9e} @geindex version @item version Taler uses various forms of versioning. There is a database schema version (stored itself in the database, see *-0000.sql) describing -the state of the table structure in the database of an @ref{4e,,exchange}, -@ref{52,,auditor} or @ref{4f,,merchant}. There is a protocol +the state of the table structure in the database of an @ref{51,,exchange}, +@ref{55,,auditor} or @ref{52,,merchant}. There is a protocol version (CURRENT:REVISION:AGE, see GNU libtool) which specifies -the network protocol spoken by an @ref{4e,,exchange} or @ref{4f,,merchant} +the network protocol spoken by an @ref{51,,exchange} or @ref{52,,merchant} including backwards-compatibility. And finally there is the software release version (MAJOR.MINOR.PATCH, see @indicateurl{https://semver.org/}) of the respective code base. -@anchor{taler-developer-manual term-wallet}@anchor{55} +@anchor{taler-developer-manual term-wallet}@anchor{58} @geindex wallet @item wallet software running on a customer’s computer; withdraws, stores and spends coins -@anchor{taler-developer-manual term-WebExtension}@anchor{9c} +@anchor{taler-developer-manual term-WebExtension}@anchor{9f} @geindex WebExtension @item WebExtension Cross-browser API used to implement the GNU Taler wallet browser extension. -@anchor{taler-developer-manual term-wire-gateway}@anchor{9d} +@anchor{taler-developer-manual term-wire-gateway}@anchor{a0} @geindex wire gateway @item wire gateway FIXME: explain -@anchor{taler-developer-manual term-wire-transfer-identifier}@anchor{9e} +@anchor{taler-developer-manual term-wire-transfer-identifier}@anchor{a1} @geindex wire transfer identifier -@item wire transfer identifier@anchor{taler-developer-manual term-wtid}@anchor{9f} +@item wire transfer identifier@anchor{taler-developer-manual term-wtid}@anchor{a2} @geindex wtid @itemx wtid @@ -2588,35 +2676,35 @@ FIXME: explain Subject of a wire transfer from the exchange to a merchant; set by the aggregator to a random nonce which uniquely identifies the transfer. -@anchor{taler-developer-manual term-withdraw}@anchor{60} +@anchor{taler-developer-manual term-withdraw}@anchor{63} @geindex withdraw -@item withdraw@anchor{taler-developer-manual term-withdrawing}@anchor{77} +@item withdraw@anchor{taler-developer-manual term-withdrawing}@anchor{7a} @geindex withdrawing -@itemx withdrawing@anchor{taler-developer-manual term-withdrawal}@anchor{a0} +@itemx withdrawing@anchor{taler-developer-manual term-withdrawal}@anchor{a3} @geindex withdrawal @itemx withdrawal -operation by which a @ref{55,,wallet} can convert funds from a @ref{5e,,reserve} to +operation by which a @ref{58,,wallet} can convert funds from a @ref{61,,reserve} to fresh coins -@anchor{taler-developer-manual term-zombie}@anchor{a1} +@anchor{taler-developer-manual term-zombie}@anchor{a4} @geindex zombie -@item zombie@anchor{taler-developer-manual term-zombie-coin}@anchor{a2} +@item zombie@anchor{taler-developer-manual term-zombie-coin}@anchor{a5} @geindex zombie coin @itemx zombie coin -coin where the respective @ref{6d,,denomination key} is past its -@ref{6e,,deposit} @ref{75,,expiration} time, but which is still (again) valid -for an operation because it was @ref{83,,melted} while it was still -valid, and then later again credited during a @ref{8c,,recoup} process +coin where the respective @ref{70,,denomination key} is past its +@ref{71,,deposit} @ref{78,,expiration} time, but which is still (again) valid +for an operation because it was @ref{86,,melted} while it was still +valid, and then later again credited during a @ref{8f,,recoup} process @end table @node Developer Tools,Index,Developer Glossary,Top -@anchor{taler-developer-manual developer-tools}@anchor{a3} +@anchor{taler-developer-manual developer-tools}@anchor{a6} @chapter Developer Tools @@ -2629,7 +2717,7 @@ developer. @end menu @node taler-config-generate,,,Developer Tools -@anchor{taler-developer-manual taler-config-generate}@anchor{a4} +@anchor{taler-developer-manual taler-config-generate}@anchor{a7} @section taler-config-generate @@ -2708,7 +2796,7 @@ Print version information. @item @strong{-w} @emph{WIREFORMAT} | @strong{–wire} @emph{WIREFORMAT} -Specifies which wire format to use (i.e. “test” or “sepa”) +Specifies which wire format to use (i.e. “x-talerbank” or “iban”) @item @strong{–bank-uri} diff --git a/texinfo/taler-exchange.texi b/texinfo/taler-exchange.texi index 8872a3c0..f0b39fa2 100644 --- a/texinfo/taler-exchange.texi +++ b/texinfo/taler-exchange.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team @@ -98,6 +98,7 @@ Installation * Installing from source:: * Installing the GNU Taler binary packages on Debian:: +* Installing the GNU Taler binary packages on Trisquel:: * Installing the GNU Taler binary packages on Ubuntu:: Configuration @@ -203,7 +204,7 @@ etc.). This manual will not cover these aspects of operating a payment service provider. We will assume that you can operate a (high-availability, -high-assurance) Postgres database. Furthermore, we expect some moderate +high-assurance) PostgreSQL database. Furthermore, we expect some moderate familiarity with the compilation and installation of free software packages. You need to understand the cryptographic concepts of private and public keys and must be able to protect private keys stored in files @@ -233,7 +234,7 @@ funds in an escrow account. Note that, given the technical burden (XML-based communications, additional cryptography, and a vast variety of standards) due to -interact with banks, the exchange uses a intermediary system to talk +interact with banks, the exchange uses an intermediary system to talk to its bank. Such intermediary system abstracts the native banking protocol by exposing the @emph{Taler Wire Gateway API}; this way, the exchange can conduct its banking operations in a simplified and JSON-based style. @@ -274,7 +275,7 @@ binary is the @code{taler-exchange-httpd}. @item Crypto-Helpers The @code{taler-exchange-secmod-rsa} and @code{taler-exchange-secmod-eddsa} -are two programs that are responsible for managing the exchange’s +are two programs that are responsible for managing the exchange's online signing keys. They must run on the same machine as the @code{taler-exchange-httpd} as the HTTP frontend communicates with the crypto helpers using UNIX Domain Sockets. @@ -293,7 +294,7 @@ Closer The @code{taler-exchange-closer} tool check that reserves are properly closed. If a customer wires funds to an exchange and then fails to withdraw them, the closer will (eventually) trigger a wire -transfer that sends the customer’s funds back to the originating +transfer that sends the customer's funds back to the originating wire account. @item @@ -334,7 +335,7 @@ the Python bank provides a bank that directly provides the wire adapter API. @item -For production, libeufin’s Nexus component implements a wire +For production, libeufin's Nexus component implements a wire adapter towards the traditional SEPA banking system with IBAN accounts. @end enumerate @@ -348,9 +349,9 @@ DBMS The exchange requires a DBMS to stores the transaction history for the Taler exchange and aggregator, and a (typically separate) DBMS for the Taler auditor. For now, the GNU Taler reference implementation -only supports Postgres, but the code could be easily extended to +only supports PostgreSQL, but the code could be easily extended to support another DBMS. -.. index:: Postgres +.. index:: PostgreSQL @item Auditor @@ -371,7 +372,7 @@ copy of the database. The exchange (and ideally also auditors) uses a long-term offline master siging key that identifies the operator and is used to authenticate critical -information, such as the exchange’s bank account and the actual keys the +information, such as the exchange's bank account and the actual keys the exchange uses online. Interactions with the offline system are performed using the @@ -430,7 +431,7 @@ expires or if they are informed about a key having been revoked. From a security point of view, the helpers are designed to @emph{only} make it -harder for an attacker who took control of the HTTP daemon’s account to +harder for an attacker who took control of the HTTP daemon's account to extract the private keys, limiting the attackers ability to creating signatures to the duration of their control of that account. @@ -450,8 +451,8 @@ The helper processes should be run under a user ID that is separate from that of the user running the main @code{taler-exchange-httpd} service. For security, it is important that helpers run under a different user ID than the main HTTP frontend, in fact ideally each helper should run under its own user ID. The -@code{taler-exchange-httpd} service’s will securely communicate with the helpers -using UNIX domain sockets. To enable access to the keys, the service’s user +@code{taler-exchange-httpd} service's will securely communicate with the helpers +using UNIX domain sockets. To enable access to the keys, the service's user must be in the group of the helper processes (and no other users should be in that group). @@ -482,6 +483,13 @@ exchange compilation. @itemize - @item +Python3 module @code{jinja2} +@end itemize + + +@itemize - + +@item libsqlite3 >= 3.16.2 @item @@ -506,13 +514,13 @@ libargon2 >= 20171227 libjansson >= 2.7 @item -Postgres >= 9.6, including libpq +PostgreSQL >= 13, including libpq @item GNU libmicrohttpd >= 0.9.71 @item -GNUnet >= 0.14.0 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) +GNUnet >= 0.16 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) @item GNU Taler exchange (from download directory@footnote{http://ftpmirror.gnu.org/taler/}, @@ -526,6 +534,7 @@ manager. @menu * Installing from source:: * Installing the GNU Taler binary packages on Debian:: +* Installing the GNU Taler binary packages on Trisquel:: * Installing the GNU Taler binary packages on Ubuntu:: @end menu @@ -577,54 +586,32 @@ which requires you to run the last step as @code{root}. You have to specify @code{--with-gnunet=/usr/local} if you installed GNUnet to @code{/usr/local} in the previous step. -@node Installing the GNU Taler binary packages on Debian,Installing the GNU Taler binary packages on Ubuntu,Installing from source,Installation +Please note that unlike most packages, if you want to run the @code{make check} +command, you should run it only @emph{after} having done @code{make install}. The +latter ensures that necessary binaries are copied to the right place. + +Gratuitous editorial note by TTN: I think this is a quirk that we should +fix in the long-term as such weirdness might hide other build issues. +However, this is probably a minority viewpoint. + +In any case, if @code{make check} fails, please consider filing a +bug report with the Taler bug tracker@footnote{https://bugs.taler.net}. + +@node Installing the GNU Taler binary packages on Debian,Installing the GNU Taler binary packages on Trisquel,Installing from source,Installation @anchor{taler-exchange-manual installing-the-gnu-taler-binary-packages-on-debian}@anchor{f} @section Installing the GNU Taler binary packages on Debian To install the GNU Taler Debian packages, first ensure that you have the right Debian distribution. At this time, the packages are built for -Sid, which means you should use a system which at least includes -unstable packages in its source list. We recommend using APT pinning -to limit unstable packages to those explicitly requested. To do this, -set your @code{/etc/apt/preferences} as follows: - -@example -Package: * -Pin: release a=stable -Pin-Priority: 700 +Bullseye. -Package: * -Pin: release a=testing -Pin-Priority: 650 - -Package: * -Pin: release a=unstable -Pin-Priority: 600 - -Package: * -Pin: release l=Debian-Security -Pin-Priority: 1000 -@end example - -A typical @code{/etc/apt/sources.list} file for this setup -which combines Debian stable with more recent packages -from testing and unstable would look like this: - -@example -deb http://ftp.ch.debian.org/debian/ buster main -deb http://security.debian.org/debian-security buster/updates main -deb http://ftp.ch.debian.org/debian/ testing main -deb http://ftp.ch.debian.org/debian/ unstable main -@end example - -Naturally, you may want to use different mirrors depending on your region. -Additionally, you must add a file to import the GNU Taler packages. Typically, +You need to add a file to import the GNU Taler packages. Typically, this is done by adding a file @code{/etc/apt/sources.list.d/taler.list} that looks like this: @example -deb https://deb.taler.net/apt/debian sid main +deb https://deb.taler.net/apt/debian bullseye main @end example Next, you must import the Taler Systems SA public package signing key @@ -659,8 +646,18 @@ offline signing and the terms of service. Sample configuration files for the HTTP reverse proxy can be found in @code{/etc/taler-exchange/}. -@node Installing the GNU Taler binary packages on Ubuntu,,Installing the GNU Taler binary packages on Debian,Installation -@anchor{taler-exchange-manual installing-the-gnu-taler-binary-packages-on-ubuntu}@anchor{10} +@node Installing the GNU Taler binary packages on Trisquel,Installing the GNU Taler binary packages on Ubuntu,Installing the GNU Taler binary packages on Debian,Installation +@anchor{taler-exchange-manual installing-the-gnu-taler-binary-packages-on-trisquel}@anchor{10} +@section Installing the GNU Taler binary packages on Trisquel + + +To install the GNU Taler Trisquel packages, first ensure that you have +the right Trisquel distribution. Packages are currently available for +Trisquel GNU/Linux 10.0. Simply follow the same instructions provided +for Ubuntu 20.04 LTS (Focal Fossa). + +@node Installing the GNU Taler binary packages on Ubuntu,,Installing the GNU Taler binary packages on Trisquel,Installation +@anchor{taler-exchange-manual installing-the-gnu-taler-binary-packages-on-ubuntu}@anchor{11} @section Installing the GNU Taler binary packages on Ubuntu @@ -710,7 +707,7 @@ Sample configuration files for the HTTP reverse proxy can be found in @code{/etc/taler-exchange/}. @node Configuration<2>,Deployment,Installation,Top -@anchor{taler-exchange-manual id1}@anchor{11} +@anchor{taler-exchange-manual id1}@anchor{12} @chapter Configuration @@ -734,7 +731,7 @@ of some of the options. @end menu @node Configuration format,Using taler-config,,Configuration<2> -@anchor{taler-exchange-manual configuration-format}@anchor{12} +@anchor{taler-exchange-manual configuration-format}@anchor{13} @section Configuration format @@ -809,7 +806,7 @@ merchant needs to know an exchange URL, or a database name. @end quotation @node Using taler-config,Keying,Configuration format,Configuration<2> -@anchor{taler-exchange-manual using-taler-002dconfig-exchange}@anchor{13}@anchor{taler-exchange-manual using-taler-config}@anchor{14} +@anchor{taler-exchange-manual using-taler-002dconfig-exchange}@anchor{14}@anchor{taler-exchange-manual using-taler-config}@anchor{15} @section Using taler-config @@ -862,7 +859,7 @@ to @code{taler-merchant-httpd} and @code{taler-config} using the @code{-c} option. @node Keying,Serving,Using taler-config,Configuration<2> -@anchor{taler-exchange-manual id2}@anchor{15}@anchor{taler-exchange-manual keying}@anchor{16} +@anchor{taler-exchange-manual id2}@anchor{16}@anchor{taler-exchange-manual keying}@anchor{17} @section Keying @@ -890,9 +887,9 @@ denomination keys (signs electronic coins, see section Coins) security module keys (signs sign keys and denomination keys) @end itemize -Additionally, the exchange is sometimes concerned with the auditor’s public +Additionally, the exchange is sometimes concerned with the auditor's public key (to verify messages signed by auditors approved by the exchange operator) -and the merchant’s public key (to verify refunds are authorized by the +and the merchant's public key (to verify refunds are authorized by the merchant). Key options include: @@ -908,7 +905,7 @@ Key options include: @end itemize @node Serving,Currency,Keying,Configuration<2> -@anchor{taler-exchange-manual id3}@anchor{17}@anchor{taler-exchange-manual serving}@anchor{18} +@anchor{taler-exchange-manual id3}@anchor{18}@anchor{taler-exchange-manual serving}@anchor{19} @section Serving @@ -936,7 +933,7 @@ for the @code{UNIXPATH} (i.e. 660 = @code{rw-rw---}). @end itemize @node Currency,Database,Serving,Configuration<2> -@anchor{taler-exchange-manual currency}@anchor{19}@anchor{taler-exchange-manual id4}@anchor{1a} +@anchor{taler-exchange-manual currency}@anchor{1a}@anchor{taler-exchange-manual id4}@anchor{1b} @section Currency @@ -944,7 +941,7 @@ The exchange supports only one currency. This data is set under the respective option @code{CURRENCY} in section @code{[taler]}. @node Database,Coins denomination keys,Currency,Configuration<2> -@anchor{taler-exchange-manual database}@anchor{1b}@anchor{taler-exchange-manual id5}@anchor{1c} +@anchor{taler-exchange-manual database}@anchor{1c}@anchor{taler-exchange-manual id5}@anchor{1d} @section Database @@ -992,7 +989,7 @@ Commands, like @code{taler-exchange-dbinit}, that support the @code{-l LOGFILE} command-line option, send logging output to standard error by default. @node Coins denomination keys,Sign keys,Database,Configuration<2> -@anchor{taler-exchange-manual coins-denomination-keys}@anchor{1d}@anchor{taler-exchange-manual id6}@anchor{1e} +@anchor{taler-exchange-manual coins-denomination-keys}@anchor{1e}@anchor{taler-exchange-manual id6}@anchor{1f} @section Coins (denomination keys) @@ -1009,7 +1006,7 @@ must then have the following options: @item @code{VALUE}: How much is the coin worth, the format is -CURRENCY:VALUE.FRACTION. For example, a 10 cent piece is “EUR:0.10”. +CURRENCY:VALUE.FRACTION. For example, a 10 cent piece is "EUR:0.10". @item @code{DURATION_WITHDRAW}: How long can a coin of this type be withdrawn? @@ -1086,7 +1083,7 @@ to the same configuration file! @end cartouche @node Sign keys,Terms of Service,Coins denomination keys,Configuration<2> -@anchor{taler-exchange-manual id7}@anchor{1f}@anchor{taler-exchange-manual sign-keys}@anchor{20} +@anchor{taler-exchange-manual id7}@anchor{20}@anchor{taler-exchange-manual sign-keys}@anchor{21} @section Sign keys @@ -1124,11 +1121,11 @@ delayed. @end cartouche @node Terms of Service,Bank account,Sign keys,Configuration<2> -@anchor{taler-exchange-manual terms-of-service}@anchor{21} +@anchor{taler-exchange-manual terms-of-service}@anchor{22} @section Terms of Service -The exchange has an endpoint “/terms” to return the terms of service +The exchange has an endpoint "/terms" to return the terms of service (in legal language) of the exchange operator. The wallet will show those terms of service to the user when the user is first withdrawing coins. Terms of service are optional for experimental deployments, @@ -1142,7 +1139,7 @@ in the @code{[exchange]} section: @itemize - @item -@code{TERMS_ETAG}: The current “Etag” to return for the terms of service. +@code{TERMS_ETAG}: The current "Etag" to return for the terms of service. This value must be changed whenever the terms of service are updated. A common value to use would be a version number. Note that if you change the @code{TERMS_ETAG}, you MUST also provide @@ -1156,7 +1153,7 @@ process. The @code{TERMS_DIR} directory structure must follow a particular layout. First, inside of @code{TERMS_DIR}, there should be sub-directories using -two-letter language codes like “en”, “de”, or “jp”. Each of these +two-letter language codes like "en", "de", or "jp". Each of these directories would then hold translations of the current terms of service into the respective language. Empty directories are permitted in case translations are not available. @@ -1174,11 +1171,11 @@ present, the exchange may show a warning on startup. @end menu @node Example,,,Terms of Service -@anchor{taler-exchange-manual example}@anchor{22} +@anchor{taler-exchange-manual example}@anchor{23} @subsection Example -A sample file structure for a @code{TERMS_ETAG} of “v1” would be: +A sample file structure for a @code{TERMS_ETAG} of "v1" would be: @itemize - @@ -1205,12 +1202,12 @@ TERMS_DIR/de/v1.pdf TERMS_DIR/fr/v1.pdf @end itemize -If the user requests an HTML format with language preferences “fr” followed by “en”, +If the user requests an HTML format with language preferences "fr" followed by "en", the exchange would return @code{TERMS_DIR/en/v1.html} lacking an HTML version in French. @node Bank account,Auditor configuration,Terms of Service,Configuration<2> -@anchor{taler-exchange-manual bank-account}@anchor{23}@anchor{taler-exchange-manual id8}@anchor{24} +@anchor{taler-exchange-manual bank-account}@anchor{24}@anchor{taler-exchange-manual id8}@anchor{25} @section Bank account @@ -1286,7 +1283,7 @@ For details, see manpages/taler-exchange-offline.1. @end menu @node Wire fee structure,,,Bank account -@anchor{taler-exchange-manual id9}@anchor{25}@anchor{taler-exchange-manual wire-fee-structure}@anchor{26} +@anchor{taler-exchange-manual id9}@anchor{26}@anchor{taler-exchange-manual wire-fee-structure}@anchor{27} @subsection Wire fee structure @@ -1294,12 +1291,12 @@ For details, see manpages/taler-exchange-offline.1. @geindex fee -For each wire method (“sepa” or “x-taler-wire”) the +For each wire method (“iban” or “x-taler-bank”) the exchange must know about applicable wire fees. This is also done using the @code{taler-exchange-offline} tool: @example -$ taler-exchange-offline wire-fee iban 2040 EUR:0.05 EUR:0.10 +$ taler-exchange-offline wire-fee iban 2040 EUR:0.05 EUR:0.10 EUR:0.15 @end example The above sets the wire fees for wire transfers involving @code{iban} accounts @@ -1323,7 +1320,7 @@ this maintenance activity! @end cartouche @node Auditor configuration,,Bank account,Configuration<2> -@anchor{taler-exchange-manual auditor-configuration}@anchor{27}@anchor{taler-exchange-manual id10}@anchor{28} +@anchor{taler-exchange-manual auditor-configuration}@anchor{28}@anchor{taler-exchange-manual id10}@anchor{29} @section Auditor configuration @@ -1331,7 +1328,7 @@ The exchange must be informed about any auditor that is expected to provision it with auditor signatures. This is also done using the @code{taler-exchange-offline} tool on the offline system. First, the auditor must be configured and provide the exchange operator with its public key and -the URL of it’s REST API. The exchange operator also needs a human-readable +the URL of it's REST API. The exchange operator also needs a human-readable name that may be shown to users to identify the auditor. Given this information, the exchange operator can enable the auditor: @@ -1343,7 +1340,7 @@ As before, the @emph{auditor.json} file must then be copied from the offline sys to a system connected to the exchange and there @code{uploaded} to the exchange. @node Deployment,Testing a deployment,Configuration<2>,Top -@anchor{taler-exchange-manual deployment}@anchor{29}@anchor{taler-exchange-manual id11}@anchor{2a} +@anchor{taler-exchange-manual deployment}@anchor{2a}@anchor{taler-exchange-manual id11}@anchor{2b} @chapter Deployment @@ -1359,7 +1356,7 @@ configured. @end menu @node Launching an exchange,Keys generation,,Deployment -@anchor{taler-exchange-manual launch}@anchor{2b}@anchor{taler-exchange-manual launching-an-exchange}@anchor{2c} +@anchor{taler-exchange-manual launch}@anchor{2c}@anchor{taler-exchange-manual launching-an-exchange}@anchor{2d} @section Launching an exchange @@ -1395,7 +1392,7 @@ they should use the same configuration file. For the most secure deployment, we recommend using separate users for each of these processes to minimize information disclosures should any of them be -compromised. The helpers do not need access to the Postgres database (and +compromised. The helpers do not need access to the PostgreSQL database (and thus also should not have it). The processes that require access to the bank account need to have a @@ -1431,7 +1428,7 @@ attack surface.) @end cartouche @node Keys generation,Private key storage,Launching an exchange,Deployment -@anchor{taler-exchange-manual id12}@anchor{2d}@anchor{taler-exchange-manual keys-generation}@anchor{2e} +@anchor{taler-exchange-manual id12}@anchor{2e}@anchor{taler-exchange-manual keys-generation}@anchor{2f} @section Keys generation @@ -1488,7 +1485,7 @@ $ taler-auditor-offline download sign upload For more information, see manpages/taler-auditor-offline.1. @node Private key storage,Database upgrades,Keys generation,Deployment -@anchor{taler-exchange-manual private-key-storage}@anchor{2f} +@anchor{taler-exchange-manual private-key-storage}@anchor{30} @section Private key storage @@ -1500,7 +1497,7 @@ regenerated. However, we do recommend using RAID (1+1 or 1+1+1) for all disks of the system. @node Database upgrades,,Private key storage,Deployment -@anchor{taler-exchange-manual database-upgrades}@anchor{30}@anchor{taler-exchange-manual id13}@anchor{31} +@anchor{taler-exchange-manual database-upgrades}@anchor{31}@anchor{taler-exchange-manual id13}@anchor{32} @section Database upgrades @@ -1524,7 +1521,7 @@ not be performed in a production system. @end menu @node Revocations,,,Database upgrades -@anchor{taler-exchange-manual id14}@anchor{32}@anchor{taler-exchange-manual revocations}@anchor{33} +@anchor{taler-exchange-manual id14}@anchor{33}@anchor{taler-exchange-manual revocations}@anchor{34} @subsection Revocations @@ -1557,7 +1554,7 @@ operation. @end cartouche @node Testing a deployment,Diagnostics,Deployment,Top -@anchor{taler-exchange-manual testing-a-deployment}@anchor{34} +@anchor{taler-exchange-manual testing-a-deployment}@anchor{35} @chapter Testing a deployment @@ -1568,7 +1565,7 @@ separate merchant backend and storefront. For more information, see taler-wallet-cli-manual. @node Diagnostics,Benchmarking,Testing a deployment,Top -@anchor{taler-exchange-manual diagnostics}@anchor{35}@anchor{taler-exchange-manual id15}@anchor{36} +@anchor{taler-exchange-manual diagnostics}@anchor{36}@anchor{taler-exchange-manual id15}@anchor{37} @chapter Diagnostics @@ -1583,12 +1580,12 @@ helpful for diagnostics. @end menu @node Internal audits,Database Scheme,,Diagnostics -@anchor{taler-exchange-manual internal-audit}@anchor{37}@anchor{taler-exchange-manual internal-audits}@anchor{38} +@anchor{taler-exchange-manual internal-audit}@anchor{38}@anchor{taler-exchange-manual internal-audits}@anchor{39} @section Internal audits While an exchange should use an external auditor to attest to regulators that -it is operating correctly, an exchange operator can also use the auditor’s +it is operating correctly, an exchange operator can also use the auditor's logic to perform internal checks. For this, an exchange operator can generally follow the auditor guide. However, instead of using @code{taler-auditor-sync}, an internal audit can and likely should be performed either directly against @@ -1611,7 +1608,7 @@ from the very beginning, this is generally not recommended as this may be too expensive. @node Database Scheme,,Internal audits,Diagnostics -@anchor{taler-exchange-manual database-scheme}@anchor{39}@anchor{taler-exchange-manual id16}@anchor{3a} +@anchor{taler-exchange-manual database-scheme}@anchor{3a}@anchor{taler-exchange-manual id16}@anchor{3b} @section Database Scheme @@ -1627,21 +1624,21 @@ The database scheme used by the exchange looks as follows: @image{taler-exchange-figures/exchange-db,,,,png} @node Benchmarking,Index,Diagnostics,Top -@anchor{taler-exchange-manual benchmarking}@anchor{3b}@anchor{taler-exchange-manual exchangebenchmarking}@anchor{3c} +@anchor{taler-exchange-manual benchmarking}@anchor{3c}@anchor{taler-exchange-manual exchangebenchmarking}@anchor{3d} @chapter Benchmarking This chapter describes how to run the Taler exchange benchmark. The benchmark can be used to measure the performance of the exchange by running a (possibly large) number of simulated clients against one Taler deployment with a bank, -exchange and auditor. For the bank, both a “fakebank” (@code{-f}) and a -“Pythonbank” deployment are currently supported. The +exchange and auditor. For the bank, both a "fakebank" (@code{-f}) and a +"Pythonbank" deployment are currently supported. The @code{taler-exchange-benchmark} program can launch all required services and clients, or only launch the parallel clients (@code{-m}), for example for distributed testing over a network. For each @emph{parallel} (@code{-p}) client, a number of @emph{reserves} (@code{-r}) is first established by -@strong{transferring} money from a “user” account (42) to the Exchange’s account +@strong{transferring} money from a "user" account (42) to the Exchange's account with the respective reserve public key as wire subject. Next, the client will @strong{withdraw} a @emph{number of coins} (@code{-n}) from the reserve and @strong{deposit} them. Additionally, a @emph{fraction} (@code{-R}) of the dirty coins will then be @@ -1661,7 +1658,7 @@ You can run a first simple benchmark using: @cartouche @quotation Note FIXME-TTN/CG: these instructions are incomplete and untested for the -current iteration of the code… +current iteration of the code... @end quotation @end cartouche @@ -1672,8 +1669,9 @@ $ taler-exchange-httpd -c benchmark.conf & $ HTTPD_PID=$! $ taler-exchange-offline -c benchmark.conf \ download sign \ - enable-account FIXME-DETAILS-MISING-HERE \ - wire-fee FIXME-DETAILS-MISING-HERE \ + enable-account payto://iban/CH9300762011623852957 \ + wire-fee iban EUR:0 EUR:0 EUR:0 \ + global-fee EUR:0 EUR:0 EUR:0 EUR:0 4w 4w 6y 4 \ upload $ kill -TERM $HTTPD_PID $ taler-exchange-benchmark -c benchmark.conf -p 4 -r 1 -n 10 @@ -1691,7 +1689,7 @@ repetitions (i.e. if the operation failed the first time), total execution time (operating system and user space) and other details. Naturally, additional instrumentation (including using features of the -Postgres database itself) may help discover performance issues. +PostgreSQL database itself) may help discover performance issues. @node Index,,Benchmarking,Top @unnumbered Index diff --git a/texinfo/taler-merchant-api-tutorial.texi b/texinfo/taler-merchant-api-tutorial.texi index a0b32006..3b0cf015 100644 --- a/texinfo/taler-merchant-api-tutorial.texi +++ b/texinfo/taler-merchant-api-tutorial.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team @@ -453,7 +453,7 @@ the merchant’s obligations under the contract. @cartouche @quotation Note You do not need to keep querying to notice changes -to the order’s transaction status. The endpoints +to the order's transaction status. The endpoints support long polling, simply specify a @code{timeout_ms} query parameter with how long you want to wait at most for the order status to change to @code{paid}. @@ -551,8 +551,8 @@ from the QR code). The merchant backend then updates the session ID of the existing order to the current session ID of the browser. When the payment status for the -“new” unpaid order is checked (or already in long-polling), the backend -detects that for the browser’s @emph{session ID} and @emph{fulfillment URL} there is an +"new" unpaid order is checked (or already in long-polling), the backend +detects that for the browser's @emph{session ID} and @emph{fulfillment URL} there is an existing paid contract. It then tells the browser to immediately redirect to the fulfillment URL where the already paid article is available. diff --git a/texinfo/taler-merchant.texi b/texinfo/taler-merchant.texi index 5c5f9e5b..6dbf0e29 100644 --- a/texinfo/taler-merchant.texi +++ b/texinfo/taler-merchant.texi @@ -21,7 +21,7 @@ @copying @quotation -GNU Taler 0.8.2, Aug 08, 2021 +GNU Taler 0.8.2, Jun 20, 2022 GNU Taler team @@ -86,6 +86,7 @@ Installation * Generic instructions for installation from source:: * Installing the GNU Taler binary packages on Debian:: +* Installing the GNU Taler binary packages on Trisquel:: * Installing the GNU Taler binary packages on Ubuntu:: * Installing Taler on Debian GNU/Linux from source:: @@ -123,6 +124,7 @@ Secure setup * Using UNIX domain sockets:: * Reverse proxy configuration:: * Access control:: +* Status code remapping:: Reverse proxy configuration @@ -134,6 +136,11 @@ Access control * Nginx: Nginx<2>. * Apache: Apache<2>. +Status code remapping + +* Nginx: Nginx<3>. +* Apache: Apache<3>. + Customization * Templates:: @@ -248,7 +255,7 @@ special currency “KUDOS” and includes its own special bank. @geindex DBMS -@geindex Postgres +@geindex PostgreSQL The Taler software stack for a merchant consists of four main components: @@ -282,8 +289,8 @@ describes how to install and configure this backend. @item A @emph{DBMS} which stores the transaction history for the Taler backend. For now, the GNU Taler reference implementation only supports -Postgres, but the code could be easily extended to support another -DBMS. Please review the Postgres documentation for details on +PostgreSQL, but the code could be easily extended to support another +DBMS. Please review the PostgreSQL documentation for details on how to configure the database. @end itemize @@ -347,7 +354,7 @@ the main Taler configuration (accepted currency, exchanges and auditors). To receive payments, an instance must have configured one or more bank @emph{accounts}. The backend does not have accounts for users, and instances are -also not really ‘accounts’. So whenever we use the term @emph{account}, it is about +also not really 'accounts'. So whenever we use the term @emph{account}, it is about a bank account of a merchant. @node Inventory,Orders and Contracts,Accounts,Terminology @@ -417,6 +424,13 @@ actors claiming orders is problematic (say because of limited stocks). The use of claim tokens is optional, but if a claim token is used, it must be provided to the wallet as part of the order URI. +Additionally, when stocks are limited, you can configure Taler to +set a @emph{product lock} on items (say, while composing the shopping cart). +These locks, as well as the @emph{order lock} (when the order is complete), +can be configured to auto-unlock at certain times. + +@c FIXME: Is "can be configured" correct? (Are there controls surfaced?) + A wallet may @emph{pay} for a claimed order, at which point the order turns into a (paid) contract. Orders have an expiration date after which the commercial offer expires and any stock of products @emph{locked} by the order is released, @@ -446,7 +460,7 @@ decade), contract information is deleted. The Taler backend can be used to verify that the exchange correctly wired all of the funds to the merchant. However, the backend does not have access to the -incoming wire transfers of the merchant’s bank account. Thus, merchants must +incoming wire transfers of the merchant's bank account. Thus, merchants must manually provide the backend with wire @emph{transfer} data that specifies the wire transfer subject and the amount that was received. Given this information, the backend can detect and report any irregularities that might arise. @@ -499,6 +513,7 @@ This chapter describes how to install the GNU Taler merchant backend. @menu * Generic instructions for installation from source:: * Installing the GNU Taler binary packages on Debian:: +* Installing the GNU Taler binary packages on Trisquel:: * Installing the GNU Taler binary packages on Ubuntu:: * Installing Taler on Debian GNU/Linux from source:: @@ -561,13 +576,13 @@ libargon2 >= 20171227 libjansson >= 2.7 @item -Postgres >= 9.6, including libpq +PostgreSQL >= 13, including libpq @item GNU libmicrohttpd >= 0.9.71 @item -GNUnet >= 0.14.0 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) +GNUnet >= 0.16 (from source tarball@footnote{http://ftpmirror.gnu.org/gnunet/}) @item GNU Taler exchange (see release announcement@footnote{https://mail.gnu.org/archive/cgi-bin/namazu.cgi?query=taler&idxname=info-gnu&max=20&result=normal&sort=date:late}) @@ -620,7 +635,7 @@ shared object libraries (@code{.so} files) visible to the various installed programs. There is no need to actually run a GNUnet peer to use the Taler merchant -backend – all the merchant needs from GNUnet is a number of headers and +backend -- all the merchant needs from GNUnet is a number of headers and libraries! @node Installing the GNU Taler exchange,Installing the GNU Taler merchant backend,Installing GNUnet,Generic instructions for installation from source @@ -648,7 +663,7 @@ which requires you to run the last step as @code{root}. You have to specify previous step. There is no need to actually run a Taler exchange to use the Taler merchant -backend – all the merchant needs from the Taler exchange is a few headers and +backend -- all the merchant needs from the Taler exchange is a few headers and libraries! @node Installing the GNU Taler merchant backend,,Installing the GNU Taler exchange,Generic instructions for installation from source @@ -698,54 +713,32 @@ run @code{ldconfig}. Without this step, it is possible that the linker may not find the installed libraries and launching the Taler merchant backend would then fail. -@node Installing the GNU Taler binary packages on Debian,Installing the GNU Taler binary packages on Ubuntu,Generic instructions for installation from source,Installation +Please note that unlike most packages, if you want to run the @code{make check} +command, you should run it only @emph{after} having done @code{make install}. The +latter ensures that necessary binaries are copied to the right place. + +Gratuitous editorial note by TTN: I think this is a quirk that we should +fix in the long-term as such weirdness might hide other build issues. +However, this is probably a minority viewpoint. + +In any case, if @code{make check} fails, please consider filing a +bug report with the Taler bug tracker@footnote{https://bugs.taler.net}. + +@node Installing the GNU Taler binary packages on Debian,Installing the GNU Taler binary packages on Trisquel,Generic instructions for installation from source,Installation @anchor{taler-merchant-manual installing-the-gnu-taler-binary-packages-on-debian}@anchor{1d} @section Installing the GNU Taler binary packages on Debian To install the GNU Taler Debian packages, first ensure that you have the right Debian distribution. At this time, the packages are built for -Sid, which means you should use a system which at least includes -unstable packages in its source list. We recommend using APT pinning -to limit unstable packages to those explicitly requested. To do this, -set your @code{/etc/apt/preferences} as follows: - -@example -Package: * -Pin: release a=stable -Pin-Priority: 700 - -Package: * -Pin: release a=testing -Pin-Priority: 650 - -Package: * -Pin: release a=unstable -Pin-Priority: 600 +Bullseye. -Package: * -Pin: release l=Debian-Security -Pin-Priority: 1000 -@end example - -A typical @code{/etc/apt/sources.list} file for this setup -which combines Debian stable with more recent packages -from testing and unstable would look like this: - -@example -deb http://ftp.ch.debian.org/debian/ buster main -deb http://security.debian.org/debian-security buster/updates main -deb http://ftp.ch.debian.org/debian/ testing main -deb http://ftp.ch.debian.org/debian/ unstable main -@end example - -Naturally, you may want to use different mirrors depending on your region. -Additionally, you must add a file to import the GNU Taler packages. Typically, +You need to add a file to import the GNU Taler packages. Typically, this is done by adding a file @code{/etc/apt/sources.list.d/taler.list} that looks like this: @example -deb https://deb.taler.net/apt/debian sid main +deb https://deb.taler.net/apt/debian bullseye main @end example Next, you must import the Taler Systems SA public package signing key @@ -778,8 +771,18 @@ fragment for Nginx or Apache will be placed in furthermore still configure the instances, and may need to extend the fragment with access control restrictions for non-default instances. -@node Installing the GNU Taler binary packages on Ubuntu,Installing Taler on Debian GNU/Linux from source,Installing the GNU Taler binary packages on Debian,Installation -@anchor{taler-merchant-manual installing-the-gnu-taler-binary-packages-on-ubuntu}@anchor{1e} +@node Installing the GNU Taler binary packages on Trisquel,Installing the GNU Taler binary packages on Ubuntu,Installing the GNU Taler binary packages on Debian,Installation +@anchor{taler-merchant-manual installing-the-gnu-taler-binary-packages-on-trisquel}@anchor{1e} +@section Installing the GNU Taler binary packages on Trisquel + + +To install the GNU Taler Trisquel packages, first ensure that you have +the right Trisquel distribution. Packages are currently available for +Trisquel GNU/Linux 10.0. Simply follow the same instructions provided +for Ubuntu 20.04 LTS (Focal Fossa). + +@node Installing the GNU Taler binary packages on Ubuntu,Installing Taler on Debian GNU/Linux from source,Installing the GNU Taler binary packages on Trisquel,Installation +@anchor{taler-merchant-manual installing-the-gnu-taler-binary-packages-on-ubuntu}@anchor{1f} @section Installing the GNU Taler binary packages on Ubuntu @@ -827,7 +830,7 @@ furthermore still configure the instances, and may need to extend the fragment with access control restrictions for non-default instances. @node Installing Taler on Debian GNU/Linux from source,,Installing the GNU Taler binary packages on Ubuntu,Installation -@anchor{taler-merchant-manual installing-taler-on-debian-gnu-002flinux}@anchor{1f}@anchor{taler-merchant-manual installing-taler-on-debian-gnu-linux-from-source}@anchor{20} +@anchor{taler-merchant-manual installing-taler-on-debian-gnu-002flinux}@anchor{20}@anchor{taler-merchant-manual installing-taler-on-debian-gnu-linux-from-source}@anchor{21} @section Installing Taler on Debian GNU/Linux from source @@ -837,13 +840,25 @@ with access control restrictions for non-default instances. @geindex Stretch +@geindex Buster + +@geindex Bullseye + @geindex Debian -Debian wheezy is too old and lacks most of the packages required. -Debian jessie is better, but still lacks PostgreSQL 9.6. +Debian Wheezy is too old and lacks most of the packages required. +Debian Jessie, Stretch, and Buster are better, but still lack PostgreSQL 12. -On Debian stretch, only GNU libmicrohttpd needs to be compiled from -source. To install dependencies on Debian stretch, run the following +@cartouche +@quotation Note +When compiling PostgreSQL 12, make sure to +do @code{make world} to build the @code{contrib/} modules, and +@code{cd contrib && make install} to install them, as well. +@end quotation +@end cartouche + +On Debian Stretch and Buster, only GNU libmicrohttpd needs to be compiled from +source. To install dependencies on Debian Stretch, run the following commands: @example @@ -859,8 +874,8 @@ commands: libjansson-dev \ libpq-dev \ postgresql-9.6 -# wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-latest.tar.gz -# wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-latest.tar.gz.sig +# wget https://ftpmirror.gnu.org/libmicrohttpd/libmicrohttpd-latest.tar.gz +# wget https://ftpmirror.gnu.org/libmicrohttpd/libmicrohttpd-latest.tar.gz.sig # gpg -v libmicrohttpd-latest.tar.gz # Should show signed by 939E6BE1E29FC3CC # tar xf libmicrohttpd-latest.tar.gz # cd libmicrohttpd-0* @@ -886,16 +901,16 @@ For more recent versions of Debian, you should instead run: libmicrohttpd-dev @end example -Note that stretch requires @code{libargon2-0-dev}, +Note that Stretch requires @code{libargon2-0-dev}, while later versions of Debian require @code{libargon2-dev}. For the rest of the installation, follow the generic installation instructions starting with the installation of libgnunetutil. Note that -if you used the Debian stretch instructions above, you need to pass +if you used the Debian Stretch instructions above, you need to pass @code{--with-microhttpd=/usr/local/} to all @code{configure} invocations. @node How to configure the merchant’s backend,Instance setup,Installation,Top -@anchor{taler-merchant-manual how-to-configure-the-merchants-backend}@anchor{21} +@anchor{taler-merchant-manual how-to-configure-the-merchants-backend}@anchor{22} @chapter How to configure the merchant’s backend @@ -922,7 +937,7 @@ commands given as examples. @end menu @node Configuration format,Using taler-config,,How to configure the merchant’s backend -@anchor{taler-merchant-manual configuration-format}@anchor{22} +@anchor{taler-merchant-manual configuration-format}@anchor{23} @section Configuration format @@ -997,7 +1012,7 @@ merchant needs to know an exchange URL, or a database name. @end quotation @node Using taler-config,Backend options,Configuration format,How to configure the merchant’s backend -@anchor{taler-merchant-manual using-taler-config}@anchor{23} +@anchor{taler-merchant-manual using-taler-config}@anchor{24} @section Using taler-config @@ -1050,13 +1065,13 @@ to @code{taler-merchant-httpd} and @code{taler-config} using the @code{-c} option. @node Backend options,Sample backend configuration,Using taler-config,How to configure the merchant’s backend -@anchor{taler-merchant-manual backend-options}@anchor{24}@anchor{taler-merchant-manual id6}@anchor{25} +@anchor{taler-merchant-manual backend-options}@anchor{25}@anchor{taler-merchant-manual id6}@anchor{26} @section Backend options @geindex DBMS -@geindex Postgres +@geindex PostgreSQL @geindex UNIX domain socket @@ -1088,7 +1103,7 @@ modified. Here, the notation @code{[$section]/$option} denotes the option @end menu @node Service address,Currency,,Backend options -@anchor{taler-merchant-manual service-address}@anchor{26} +@anchor{taler-merchant-manual service-address}@anchor{27} @subsection Service address @@ -1126,8 +1141,23 @@ $ taler-config -s MERCHANT -o SERVE -V TCP $ taler-config -s MERCHANT -o PORT -V 8888 @end example +@cartouche +@quotation Note +When using the Debian/Ubuntu packages, these options are already +configured in the @code{/etc/taler/conf.d/merchant.conf} configuration file. + +If you need to change them, you should edit @code{/etc/taler/merchant-overrides.conf}, +for example by passing @code{-c /etc/taler/merchant-overrides.conf} to the +@code{taler-config} commands above. By default, the Taler merchant +package when installed on Debian/Ubuntu will use a UNIX domain socket +at @code{/run/taler/merchant-httpd/merchant-http.sock}. For the best possible +security, it is recommended to leave this in place and configure a reverse +proxy (nginx or Apache) as described below. +@end quotation +@end cartouche + @node Currency,Database,Service address,Backend options -@anchor{taler-merchant-manual currency}@anchor{27} +@anchor{taler-merchant-manual currency}@anchor{28} @subsection Currency @@ -1146,8 +1176,19 @@ will work with the Taler demonstration exchange at $ taler-config -s TALER -o CURRENCY -V KUDOS @end example +@cartouche +@quotation Note +When using the Debian/Ubuntu packages, these options should be +configured in the @code{/etc/taler/taler.conf} configuration file +(alternatively, you can also edit @code{/etc/taler/merchant-overrides.conf}). +However, you must edit the @code{taler.conf} file manually and @strong{must not} +use @code{taler-config} to do this, as that would inline the include +directives and destroy the carefully setup path structure. +@end quotation +@end cartouche + @node Database,Exchange,Currency,Backend options -@anchor{taler-merchant-manual database}@anchor{28} +@anchor{taler-merchant-manual database}@anchor{29} @subsection Database @@ -1164,7 +1205,17 @@ specifies which DBMS is to be used. However, currently only the value In addition to selecting the DBMS software, the backend requires DBMS-specific options to access the database. -For postgres, you need to provide: +@cartouche +@quotation Note +When using the Debian/Ubuntu packages, the database should already +be configured in the @code{/etc/taler/secrets/merchant-db.secret.conf} +configuration file. The @code{talermerchant} database is also already +configured (unless you answered @code{no} when asked the question during +installation), so you can skip everything in this section. +@end quotation +@end cartouche + +For the @code{postgres} backend, you need to provide: @example [MERCHANTDB-postgres]/CONFIG @@ -1172,7 +1223,7 @@ For postgres, you need to provide: This option specifies a postgres access path using the format @code{postgres:///$DBNAME}, where @code{$DBNAME} is the name of the -Postgres database you want to use. Suppose @code{$USER} is the name of +PostgreSQL database you want to use. Suppose @code{$USER} is the name of the user who will run the backend process. Then, you need to first run: @@ -1180,7 +1231,7 @@ run: $ sudo -u postgres createuser -d $USER @end example -as the Postgres database administrator (usually @code{postgres}) to +as the PostgreSQL database administrator (usually @code{postgres}) to grant @code{$USER} the ability to create new databases. Next, you should as @code{$USER} run: @@ -1208,7 +1259,7 @@ You can improve your security posture if you now REVOKE the rights to CREATE, DROP or ALTER tables from @code{$USER}. However, if you do so, please be aware that you may have to temporarily GRANT those rights again when you update the merchant backend. For details on how to REVOKE or GRANT these rights, consult -the Postgres documentation. +the PostgreSQL documentation. Commands, like @code{taler-merchant-dbinit}, that support the @code{-l LOGFILE} command-line option, send logging output to standard error by default. @@ -1226,7 +1277,7 @@ unauthorized access. @c index: MASTER_KEY @node Exchange,Auditor,Database,Backend options -@anchor{taler-merchant-manual exchange}@anchor{29} +@anchor{taler-merchant-manual exchange}@anchor{2a} @subsection Exchange @@ -1274,22 +1325,32 @@ exchanges must use the same currency: If the currency does not match the main currency from the @code{TALER} section, the exchange is ignored. If you need to support multiple currencies, you need to configure a backend per currency. +@cartouche +@quotation Note +Manually setting up exchanges is only recommended under special +circumstances. In general, GNU Taler will include trustworthy +auditors (for each currency) in the default configuration, and +there is rarely a good reason for trusting an exchange without +an accredited auditor. +@end quotation +@end cartouche + @node Auditor,,Exchange,Backend options -@anchor{taler-merchant-manual auditor}@anchor{2a} +@anchor{taler-merchant-manual auditor}@anchor{2b} @subsection Auditor To add an auditor to the list of trusted auditors (which implies that all exchanges audited by this auditor will be trusted!) you create a section with a name that starts with “MERCHANT-AUDITOR-”. In -that section, the following options need to be configured: +4that section, the following options need to be configured: @itemize - @item The @code{AUDITOR_BASE_URL} option specifies the auditor’s base URL. -For example, to use the Taler demonstrator’s auditor, specify: +For example, to use the Taler demonstrator's auditor, specify: @example $ taler-config -s MERCHANT-AUDITOR-demo \ @@ -1298,7 +1359,7 @@ $ taler-config -s MERCHANT-AUDITOR-demo \ @end example @item -The @code{AUDITOR_KEY} option specifies the auditor’s public key +The @code{AUDITOR_KEY} option specifies the auditor's public key in base32 encoding. For the Taler demonstrator, use: @example @@ -1324,8 +1385,18 @@ auditors must use the same currency: If the currency does not match the main currency from the @code{TALER} section, the auditor is ignored. If you need to support multiple currencies, you need to configure a backend per currency. +@cartouche +@quotation Note +Manually adding auditors is only recommended under special +circumstances. In general, GNU Taler will include trustworthy +auditors (for each currency) in the default configuration, and +there is rarely a good reason for adding an auditor that is +not coordinating its activities with the Taler developers. +@end quotation +@end cartouche + @node Sample backend configuration,Launching the backend,Backend options,How to configure the merchant’s backend -@anchor{taler-merchant-manual id7}@anchor{2b}@anchor{taler-merchant-manual sample-backend-configuration}@anchor{2c} +@anchor{taler-merchant-manual id7}@anchor{2c}@anchor{taler-merchant-manual sample-backend-configuration}@anchor{2d} @section Sample backend configuration @@ -1361,7 +1432,7 @@ CURRENCY = KUDOS @end example Given the above configuration, the backend will use a database named -@code{donations} within Postgres. +@code{donations} within PostgreSQL. The backend will deposit the coins it receives to the exchange at @indicateurl{https://exchange.demo.taler.net/}, which has the master key @@ -1372,7 +1443,7 @@ configuration steps, showing how to invoke @code{taler-config} for each of them. @node Launching the backend,,Sample backend configuration,How to configure the merchant’s backend -@anchor{taler-merchant-manual id8}@anchor{2d}@anchor{taler-merchant-manual launching-the-backend}@anchor{2e} +@anchor{taler-merchant-manual id8}@anchor{2e}@anchor{taler-merchant-manual launching-the-backend}@anchor{2f} @section Launching the backend @@ -1392,10 +1463,25 @@ you should use systemd, cron or some other init system of your operating system to launch the process. Consult the documentation of your operating system for how to start and stop daemons. +@cartouche +@quotation Note +When using the Debian/Ubuntu packages, the systemd configuration +will already exist. You only need to enable and start the service +using @code{systemctl enable taler-merchant-httpd} and +@code{systemctl start taler-merchant-httpd}. Additionally, you should +review the @code{/etc/apache2/sites-available/taler-merchant.conf} +or @code{/etc/nginx/sites-available/taler-merchant} (these files +contain additional instructions to follow), symlink it to +@code{sites-enabled/} and restart your HTTP server. After that, you +should be able to visit the merchant backend at the respective +HTTP(S) endpoint. +@end quotation +@end cartouche + If everything worked as expected, the command @example -$ curl http://localhost:8888/config +$ wget -O - http://localhost:8888/config @end example should return some basic configuration status data about the service. @@ -1424,11 +1510,36 @@ and use TLS for improved network privacy, see @ref{9,,Secure setup}. @geindex instance @node Instance setup,Secure setup,How to configure the merchant’s backend,Top -@anchor{taler-merchant-manual id9}@anchor{2f}@anchor{taler-merchant-manual instance-setup}@anchor{30} +@anchor{taler-merchant-manual id9}@anchor{30}@anchor{taler-merchant-manual instance-setup}@anchor{31} @chapter Instance setup -Before using the backend, you must at least configure the “default” instance. +First of all, we recommend the use of the single-page administration +application that is served by default at the base URL of the merchant backend. +You can use it to perform all steps described in this section (and more!), +using a simple Web interface instead of the @code{wget} commands given below. + +The first step for using the backend involves the creation of a @code{default} +instance. The @code{default} instance can also create / delete / configure other +instances, similar to the @code{root} account on UNIX. When no instance exists +and @code{taler-merchant-httpd} was started without the @code{--auth} option, then +the backend is reachable without any access control (unless you configured +some in the reverse proxy). + +The following documentation shows how to handle any instance. Thus, if you +want to have multiple instances, you may need to perform the steps multiple +times, once for each instance. + +@cartouche +@quotation Note +A security concern is that normal API usage leaks instance existence. +This means unauthorized users can distinguish between the case where the +instance does not exist (HTTP 404) and the case where access is denied +(HTTP 403). +This is all moot behind a properly configured +@ref{32,,reverse proxy}. +@end quotation +@end cartouche @menu * KUDOS Accounts:: @@ -1438,7 +1549,7 @@ Before using the backend, you must at least configure the “default” instance @end menu @node KUDOS Accounts,IBAN Accounts,,Instance setup -@anchor{taler-merchant-manual kudos-accounts}@anchor{31} +@anchor{taler-merchant-manual kudos-accounts}@anchor{33} @section KUDOS Accounts @@ -1460,7 +1571,7 @@ must be replaced with the name of the account that was established at @indicateurl{https://bank.demo.taler.net/}. @node IBAN Accounts,Setup,KUDOS Accounts,Instance setup -@anchor{taler-merchant-manual iban-accounts}@anchor{32} +@anchor{taler-merchant-manual iban-accounts}@anchor{34} @section IBAN Accounts @@ -1472,7 +1583,7 @@ IBAN, the corresponding @code{payto://}-URI is simply @code{payto://iban/$IBAN} @code{$IBAN} must be replaced with the actual IBAN number. @node Setup,,IBAN Accounts,Instance setup -@anchor{taler-merchant-manual setup}@anchor{33} +@anchor{taler-merchant-manual setup}@anchor{35} @section Setup @@ -1499,7 +1610,7 @@ create a file @code{instance.json} with an InstanceConfigurationMessage In the text above, you must replace @code{$PAYTO_URI} with your actual @code{payto://}-URI. Also, be sure to replace @code{KUDOS} with the fiat currency if the setup is for an actual bank. The @code{name} field will be shown as the name of -your shop. The @code{address} field is expected to contain your shop’s physical +your shop. The @code{address} field is expected to contain your shop's physical address. The various defaults specify defaults for transaction fees your shop is willing to cover, how long offers made to the customer are valid, and how long the exchange has before it must wire the funds to your bank @@ -1521,7 +1632,7 @@ or purge (deleting all associated data) instances exist as well and are document in the Merchant Backend API documentation. @node Secure setup,Customization,Instance setup,Top -@anchor{taler-merchant-manual id11}@anchor{34}@anchor{taler-merchant-manual secure-setup}@anchor{9} +@anchor{taler-merchant-manual id11}@anchor{36}@anchor{taler-merchant-manual secure-setup}@anchor{9} @chapter Secure setup @@ -1539,11 +1650,12 @@ authentication and then forwards requests to the backend. * Using UNIX domain sockets:: * Reverse proxy configuration:: * Access control:: +* Status code remapping:: @end menu @node Using UNIX domain sockets,Reverse proxy configuration,,Secure setup -@anchor{taler-merchant-manual using-unix-domain-sockets}@anchor{35} +@anchor{taler-merchant-manual using-unix-domain-sockets}@anchor{37} @section Using UNIX domain sockets @@ -1555,9 +1667,9 @@ $ taler-config -s MERCHANT -o SERVE -V UNIX $ taler-config -s MERCHANT -o UNIXPATH -V /some/path/here.sock @end example -Do not use a UNIX domain socket path in “/tmp”: systemd (or other init -systems) may give Web servers a private “/tmp” thereby hiding UNIX domain -sockets created by other users/processes in “/tmp”. +Do not use a UNIX domain socket path in "/tmp": systemd (or other init +systems) may give Web servers a private "/tmp" thereby hiding UNIX domain +sockets created by other users/processes in "/tmp". If UNIX domain sockets are for some reason not possible, you @emph{may} use a host-based firewall to block access to the TCP port of the merchant backend, @@ -1565,7 +1677,7 @@ but this is @emph{not recommended}. Relying on NAT or network firewalls for acc control is gross negligence. @node Reverse proxy configuration,Access control,Using UNIX domain sockets,Secure setup -@anchor{taler-merchant-manual reverse-proxy-configuration}@anchor{36} +@anchor{taler-merchant-manual id12}@anchor{38}@anchor{taler-merchant-manual reverse-proxy-configuration}@anchor{32} @section Reverse proxy configuration @@ -1576,7 +1688,7 @@ control is gross negligence. @end menu @node Nginx,Apache,,Reverse proxy configuration -@anchor{taler-merchant-manual nginx}@anchor{37} +@anchor{taler-merchant-manual nginx}@anchor{39} @subsection Nginx @@ -1596,7 +1708,7 @@ not have HTTPS enabled. Make sure to restart the @code{taler-merchant-httpd} process after changing the @code{SERVE} configuration. @node Apache,,Nginx,Reverse proxy configuration -@anchor{taler-merchant-manual apache}@anchor{38} +@anchor{taler-merchant-manual apache}@anchor{3a} @subsection Apache @@ -1623,11 +1735,11 @@ Note that the above again assumes your domain name is @code{example.com} and tha you have TLS configured. Note that you must add the @code{https} header unless your site is not available via TLS. -The above configuration(s) are both incomplete. You must still additionally -setup access control! +The above configurations are both incomplete. You must still additionally +set up access control! -@node Access control,,Reverse proxy configuration,Secure setup -@anchor{taler-merchant-manual access-control}@anchor{39} +@node Access control,Status code remapping,Reverse proxy configuration,Secure setup +@anchor{taler-merchant-manual access-control}@anchor{3b} @section Access control @@ -1653,7 +1765,7 @@ interact with those endpoints directly without client authentication. @end menu @node Nginx<2>,Apache<2>,,Access control -@anchor{taler-merchant-manual id12}@anchor{3a} +@anchor{taler-merchant-manual id13}@anchor{3c} @subsection Nginx @@ -1665,13 +1777,13 @@ location ~ /private/ @{ if ($http_authorization !~ "(?i)ApiKey SECURITYTOKEN") @{ return 401; @} - proxy_pass ...; // as above + proxy_pass ...; # as above @} location /management/ @{ if ($http_authorization !~ "(?i)ApiKey SECURITYTOKEN") @{ return 401; @} - proxy_pass ...; // as above + proxy_pass ...; # as above @} @end example @@ -1716,7 +1828,7 @@ location ~ /private/ @{ @end example @node Apache<2>,,Nginx<2>,Access control -@anchor{taler-merchant-manual id13}@anchor{3b} +@anchor{taler-merchant-manual id14}@anchor{3d} @subsection Apache @@ -1786,8 +1898,46 @@ restrict access to the internal API to authorized clients. System administrators are strongly advised to test their access control setup before going into production! +@node Status code remapping,,Access control,Secure setup +@anchor{taler-merchant-manual status-code-remapping}@anchor{3e} +@section Status code remapping + + +Normal API usage leaks instance existence information. +Distinguishing between 404 (Not found) and 403 (Forbidden) +is useful for diagnostics. + +For higher security (by leaking less information), +you can add the following fragment, +which remaps all 404 response codes to 403. + +@menu +* Nginx: Nginx<3>. +* Apache: Apache<3>. + +@end menu + +@node Nginx<3>,Apache<3>,,Status code remapping +@anchor{taler-merchant-manual id15}@anchor{3f} +@subsection Nginx + + +@example +error_page 404 =403 /empty.gif; +@end example + +@node Apache<3>,,Nginx<3>,Status code remapping +@anchor{taler-merchant-manual id16}@anchor{40} +@subsection Apache + + +@example +cond %@{STATUS@} =404 +set-status 403 +@end example + @node Customization,Upgrade procedure,Secure setup,Top -@anchor{taler-merchant-manual customization}@anchor{3c} +@anchor{taler-merchant-manual customization}@anchor{41} @chapter Customization @@ -1800,7 +1950,7 @@ setup before going into production! @end menu @node Templates,Static files,,Customization -@anchor{taler-merchant-manual templates}@anchor{3d} +@anchor{taler-merchant-manual templates}@anchor{42} @section Templates @@ -1810,7 +1960,7 @@ own design. The templating language used is Mustach, and the templates are in the @code{share/taler/merchant/templates/} directory. @node Static files,Internationalization,Templates,Customization -@anchor{taler-merchant-manual static-files}@anchor{3e} +@anchor{taler-merchant-manual static-files}@anchor{43} @section Static files @@ -1820,7 +1970,7 @@ logic to load a CSS file, but you can also put other resources such as images or JavaScript. @node Internationalization,Limitations,Static files,Customization -@anchor{taler-merchant-manual internationalization}@anchor{3f} +@anchor{taler-merchant-manual internationalization}@anchor{44} @section Internationalization @@ -1837,7 +1987,7 @@ returned. Otherwise, an internationalized file based on the language preferences indicated by the browser is returned. @node Limitations,,Internationalization,Customization -@anchor{taler-merchant-manual limitations}@anchor{40} +@anchor{taler-merchant-manual limitations}@anchor{45} @section Limitations @@ -1846,7 +1996,7 @@ process to hold open file handles for all of these files. You may want to increase the @code{ulimit} of the @code{taler-merchant-httpd} process if you have templates for many languages. -The backend determines the MIME type based on the file’s extension. The list +The backend determines the MIME type based on the file's extension. The list of supported extensions is hard-coded and includes common text and image formats. @@ -1855,7 +2005,7 @@ template expansion, and does not make use of scopes and other Mustach features. @node Upgrade procedure,Tipping visitors,Customization,Top -@anchor{taler-merchant-manual upgrade-procedure}@anchor{41} +@anchor{taler-merchant-manual upgrade-procedure}@anchor{46} @chapter Upgrade procedure @@ -1868,8 +2018,8 @@ merchant. Attempting to upgrade from or to a version in Git is not supported and may result in subtle data loss. To safely upgrade the merchant, you should first stop the existing -@code{taler-merchant-httpd} process, backup your merchant database (see Postgres -manual), and then install the latest version of the code. +@code{taler-merchant-httpd} process, backup your merchant database (see +PostgreSQL manual), and then install the latest version of the code. If you REVOKED database permissions, ensure that the rights to CREATE, DROP, and ALTER tables are GRANTed to @code{$USER} again. Then, run: @@ -1887,7 +2037,7 @@ $ taler-merchant-httpd @end example @node Tipping visitors,Advanced topics,Upgrade procedure,Top -@anchor{taler-merchant-manual id14}@anchor{42}@anchor{taler-merchant-manual tipping-visitors}@anchor{43} +@anchor{taler-merchant-manual id17}@anchor{47}@anchor{taler-merchant-manual tipping-visitors}@anchor{48} @chapter Tipping visitors @@ -1909,7 +2059,7 @@ There are three basic steps that must happen to tip a visitor. @end menu @node Fund the reserve,Authorize a tip,,Tipping visitors -@anchor{taler-merchant-manual fund-the-reserve}@anchor{44}@anchor{taler-merchant-manual id15}@anchor{45} +@anchor{taler-merchant-manual fund-the-reserve}@anchor{49}@anchor{taler-merchant-manual id18}@anchor{4a} @section Fund the reserve @@ -1946,7 +2096,7 @@ You now need to make a wire transfer to the exchange’s bank account using the given wire transfer subject. Make your wire transfer and (optionally) check at -“@indicateurl{https://exchange/reserves/QPE24X}…” whether your transfer has arrived at the +“@indicateurl{https://exchange/reserves/QPE24X}...” whether your transfer has arrived at the exchange. Once the funds have arrived, you can start to use the reserve for @@ -1959,7 +2109,7 @@ initially. If your campaign runs longer, you should setup another reserve every other week to ensure one is always ready. @node Authorize a tip,Picking up of the tip,Fund the reserve,Tipping visitors -@anchor{taler-merchant-manual authorize-a-tip}@anchor{46}@anchor{taler-merchant-manual id16}@anchor{47} +@anchor{taler-merchant-manual authorize-a-tip}@anchor{4b}@anchor{taler-merchant-manual id19}@anchor{4c} @section Authorize a tip @@ -1998,7 +2148,7 @@ The frontend should handle errors returned by the backend, such as misconfigured instances or a lack of remaining funds for tipping. @node Picking up of the tip,,Authorize a tip,Tipping visitors -@anchor{taler-merchant-manual id17}@anchor{48}@anchor{taler-merchant-manual picking-up-of-the-tip}@anchor{49} +@anchor{taler-merchant-manual id20}@anchor{4d}@anchor{taler-merchant-manual picking-up-of-the-tip}@anchor{4e} @section Picking up of the tip @@ -2008,7 +2158,7 @@ The frontend must then forward this request to the backend. The response generated by the backend can then be forwarded directly to the wallet. @node Advanced topics,Advanced experimental features,Tipping visitors,Top -@anchor{taler-merchant-manual advanced-topics}@anchor{4a} +@anchor{taler-merchant-manual advanced-topics}@anchor{4f} @chapter Advanced topics @@ -2019,7 +2169,7 @@ generated by the backend can then be forwarded directly to the wallet. @end menu @node Database Scheme,Configuration format<2>,,Advanced topics -@anchor{taler-merchant-manual database-scheme}@anchor{4b}@anchor{taler-merchant-manual merchantdatabasescheme}@anchor{4c} +@anchor{taler-merchant-manual database-scheme}@anchor{50}@anchor{taler-merchant-manual merchantdatabasescheme}@anchor{51} @section Database Scheme @@ -2035,7 +2185,7 @@ The database scheme used by the merchant looks as follows: @image{taler-merchant-figures/merchant-db,,,,png} @node Configuration format<2>,,Database Scheme,Advanced topics -@anchor{taler-merchant-manual id18}@anchor{4d} +@anchor{taler-merchant-manual id21}@anchor{52} @section Configuration format @@ -2117,7 +2267,7 @@ merchant needs to know an exchange URL, or a database name. @end menu @node Using taler-config<2>,,,Configuration format<2> -@anchor{taler-merchant-manual id19}@anchor{4e}@anchor{taler-merchant-manual using-taler-002dconfig}@anchor{4f} +@anchor{taler-merchant-manual id22}@anchor{53}@anchor{taler-merchant-manual using-taler-002dconfig}@anchor{54} @subsection Using taler-config @@ -2172,7 +2322,7 @@ to @code{taler-merchant-httpd} and @code{taler-config} using the @code{-c} option. @node Advanced experimental features,Temporarily Abandoned Features,Advanced topics,Top -@anchor{taler-merchant-manual advanced-experimental-features}@anchor{50} +@anchor{taler-merchant-manual advanced-experimental-features}@anchor{55} @chapter Advanced experimental features @@ -2187,7 +2337,7 @@ need, or will not need initially. @end menu @node Benchmarking,Benchmark setup,,Advanced experimental features -@anchor{taler-merchant-manual benchmarking}@anchor{51}@anchor{taler-merchant-manual merchantbenchmarking}@anchor{52} +@anchor{taler-merchant-manual benchmarking}@anchor{56}@anchor{taler-merchant-manual merchantbenchmarking}@anchor{57} @section Benchmarking @@ -2209,20 +2359,20 @@ to customize the benchmark and/or to cover more realistic workloads from the start. @node Benchmark setup,Running the benchmark command,Benchmarking,Advanced experimental features -@anchor{taler-merchant-manual benchmark-setup}@anchor{53} +@anchor{taler-merchant-manual benchmark-setup}@anchor{58} @section Benchmark setup The @code{taler-merchant-benchmark} tool will automatically launch and configure the exchange, (Python) bank and other tools required for the benchmark. However, the configuration file must be provided and have consistent options set. The -options that require special care include the exchange’s public key (which +options that require special care include the exchange's public key (which must match the private key in the file specified by the configuration), the currency (which must be consistent across the file), the denomination structure (which must enable payments in the range of 100ths of the unit currency (often called cents)). Furthermore, the benchmark will set the -Exchange bank account password to be “x”, so the configuration must also -specify “x” for the passphrase. Finally, the bank must be configured to allow +Exchange bank account password to be "x", so the configuration must also +specify "x" for the passphrase. Finally, the bank must be configured to allow for substantial debt least the transactions by the benchmark run out of digital cash. @@ -2354,15 +2504,15 @@ rsa_keysize = 1024 @end example -Note that the public key must match the exchange’s -private key and that the Postgres database must +Note that the public key must match the exchange's +private key and that the PostgreSQL database must exist before launching the benchmark. You also -will need to ensure that the Exchange’s +will need to ensure that the Exchange's details are set up. For details, see the Exchange Operator Manual. @node Running the benchmark command,,Benchmark setup,Advanced experimental features -@anchor{taler-merchant-manual running-the-benchmark-command}@anchor{54} +@anchor{taler-merchant-manual running-the-benchmark-command}@anchor{59} @section Running the benchmark command @@ -2426,7 +2576,7 @@ options: @item @code{--tracks-number=TN} Instructs the tool to perform @emph{TN} tracking operations. Note that the @strong{total} amount of operations will be two -times @emph{TN}, since “one” tracking operation accounts for +times @emph{TN}, since "one" tracking operation accounts for @code{/track/transaction} and @code{/track/transfer}. This command should only be used to see if the operation ends without problems, as no actual measurement of performance is provided (despite of the @@ -2434,7 +2584,7 @@ actual measurement of performance is provided (despite of the @end itemize @node Temporarily Abandoned Features,Index,Advanced experimental features,Top -@anchor{taler-merchant-manual temporarily-abandoned-features}@anchor{55} +@anchor{taler-merchant-manual temporarily-abandoned-features}@anchor{5a} @chapter Temporarily Abandoned Features @@ -2444,7 +2594,7 @@ actual measurement of performance is provided (despite of the @end menu @node Installing Taler using Docker,,,Temporarily Abandoned Features -@anchor{taler-merchant-manual installing-taler-using-docker}@anchor{56} +@anchor{taler-merchant-manual installing-taler-using-docker}@anchor{5b} @section Installing Taler using Docker @@ -2497,7 +2647,7 @@ To test if everything worked as expected, it suffices to issue a simple request to the merchant, for example: @example -$ curl http://$(docker-machine ip)/ +$ wget -O - http://$(docker-machine ip)/ # A greeting message should be returned by the merchant. @end example |