summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-12-24 14:48:25 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-24 14:48:25 +0100
commit53878b844001ada7a44b88c0eaf0cccd86cabf43 (patch)
treeca0ddcf19ac4257722dc1f9dfe0f5c61561d63f7
parentfe732cd38e1f2c0bc2ee8c2377cbfd95aff5167b (diff)
parentdfcce6afb735a8fb8fb3c784f6dff539f415e744 (diff)
downloaddocs-53878b844001ada7a44b88c0eaf0cccd86cabf43.tar.gz
docs-53878b844001ada7a44b88c0eaf0cccd86cabf43.tar.bz2
docs-53878b844001ada7a44b88c0eaf0cccd86cabf43.zip
Merge branch 'master' of git+ssh://git.taler.net/docs
-rw-r--r--developers-manual.rst2
-rw-r--r--libeufin/concepts.rst17
-rw-r--r--manpages/taler.conf.5.rst3
-rw-r--r--taler-auditor-manual.rst31
4 files changed, 32 insertions, 21 deletions
diff --git a/developers-manual.rst b/developers-manual.rst
index f176cbe..22e933e 100644
--- a/developers-manual.rst
+++ b/developers-manual.rst
@@ -570,6 +570,8 @@ Update the Texinfo documentation using the files from docs.git:
Finally, the Automake ``Makefile.am`` files may have to be adjusted to
include new ``*.texi`` files or images.
+For bootstrap, you will need to install
+`GNU Recutils <https://www.gnu.org/software/recutils/>`_.
For the exchange test cases to pass, ``make install`` must be run first.
Without it, test cases will fail because plugins can't be located.
diff --git a/libeufin/concepts.rst b/libeufin/concepts.rst
index 9cfc13e..a0f2bb7 100644
--- a/libeufin/concepts.rst
+++ b/libeufin/concepts.rst
@@ -38,8 +38,9 @@ Nexus Users
The concept of a *nexus user* is used to implement access control to the
operations that the nexus provides.
-A user has a login name and a (salted, hashed) password. (Other authentication
-methods could be added in the future.)
+A user has a login name and a (salted, hashed) password.
+This is the `HTTP basic auth <https://tools.ietf.org/html/rfc7617>`_ method.
+(Other authentication methods could be added in the future.)
A nexus user can be marked as *superuser*. All permission checks are skipped
for superusers. Only superusers are allowed to create/modify other users.
@@ -66,7 +67,8 @@ Examples:
.. code-block:: console
# Download latest transactions via the default bank connection and store them locally
- $ curl -XPOST $AUTHEADER https://example1.libeufin.tech/bank-accounts/my-acct/fetch-transactions
+ $ http -a $USER:$PASSWORD POST \
+ https://example1.libeufin.tech/bank-accounts/my-acct/fetch-transactions
Bank Connections
----------------
@@ -100,12 +102,14 @@ Examples:
.. code-block:: console
# Manually request the inter-day account report via the EBICS C52 order
- $ curl -XPOST $AUTHEADER https://example1.libeufin.tech/bank-connections/my-ebics-testacct/ebics/download/C52
+ $ http -a $USER:$PASSWORD POST \
+ https://example1.libeufin.tech/bank-connections/my-ebics-testacct/ebics/download/C52
# Download available bank accounts that can be accessed through this connection,
# according to the bank server (with EBICS, does a HTD request).
# For each of them, create a bank account resource in LibEuFin.
- $ curl -XPOST $AUTHEADER https://example1.libeufin.tech/bank-connection/my-ebics-testacct/fetch-accounts
+ $ http -a $USER:$PASSWORD POST \
+ https://example1.libeufin.tech/bank-connection/my-ebics-testacct/fetch-accounts
Facades
-------
@@ -128,7 +132,8 @@ Examples:
.. code-block:: console
# Request the Taler-specific history through the facade
- $ curl $AUTHEADER https://example1.libeufin.tech/facades/my-taler-wire-gw/taler/history/incoming
+ $ http -a $USER:$PASSWORD \
+ https://example1.libeufin.tech/facades/my-taler-wire-gw/taler/history/incoming
Access Control
==============
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index f6a192d..07e9d10 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -27,6 +27,9 @@ The values, however, are *case-sensitive*.
In particular, boolean values are one of ``YES`` or ``NO``.
Values can include whitespace by surrounding
the entire value with ``"`` (double quote).
+Note, however, that there are no escape characters in such strings;
+all characters between the double quotes (including other double quotes)
+are taken verbatim.
Values that represent filenames can begin with a ``/bin/sh``-like
variable reference.
diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst
index d81b7ce..be55ae9 100644
--- a/taler-auditor-manual.rst
+++ b/taler-auditor-manual.rst
@@ -223,7 +223,7 @@ offline key, it is only used for a few cryptographic signatures and
thus the respective code can be run on modest hardware, like a
Raspberry Pi.
-The following values are to be configured in the section [auditor]:
+The following values are to be configured in the section ``[auditor]``:
- ``AUDITOR_PRIV_FILE``: Path to the auditor’s private key file.
@@ -238,7 +238,7 @@ Serving
The auditor can serve HTTP over both TCP and UNIX domain socket.
-The following values are to be configured in the section [auditor]:
+The following values are to be configured in the section ``[auditor]``:
- ``serve``: must be set to ``tcp`` to serve HTTP over TCP, or ``unix`` to serve
HTTP over a UNIX domain socket
@@ -266,7 +266,7 @@ documentation for details.
Database
--------
-The option ``DB`` under section [auditor] gets the DB backend’s name the
+The option ``DB`` under section ``[auditor]`` gets the DB backend’s name the
exchange is going to use. So far, only ``DB = postgres`` is supported. After
choosing the backend, it is mandatory to supply the connection string
(namely, the database name). This is possible in two ways:
@@ -276,15 +276,15 @@ choosing the backend, it is mandatory to supply the connection string
- via configuration option ``CONFIG``, under section ``[auditordb-BACKEND]``.
For example, the demo exchange is configured as follows:
-.. code-block:: ini
+ .. code-block:: ini
- [auditor]
- ...
- DB = postgres
- ...
+ [auditor]
+ ...
+ DB = postgres
+ ...
- [auditordb-postgres]
- CONFIG = postgres:///auditordemo
+ [auditordb-postgres]
+ CONFIG = postgres:///auditordemo
If an exchange runs its own auditor, it may use the same database for
the auditor and the exchange itself.
@@ -335,8 +335,7 @@ The equivalent step must be performed by the exchange operator.
Here, the exchange operator must use the ``taler-exchange-offline``
tool to add the auditor's public key, base URL and (business) name
to the list of approved auditors of the exchange. For details,
-see the exchange operator manual.
-# FIXME-ttn: add link please?
+see :ref:`Auditor-configuration` in the exchange operator manual.
.. _SigningDenominations:
@@ -349,14 +348,14 @@ Signing Denominations
This step must be performed regularly whenever the exchange is
deploying new denomination keys. After the exchange operator
has signed new keys using the ``taler-exchange-offline`` tool,
-each auditor should run
+each auditor should run:
.. code-block:: console
$ taler-auditor-offline download > input.json
to import the latest set of denomination keys. The key data
-should then be inspected using
+should then be inspected using:
.. code-block:: console
@@ -384,6 +383,8 @@ on its offline system) using:
The resulting ``output.json`` should then be copied to an online system,
and from there uploaded to the exchange using:
+.. code-block:: console
+
$ taler-auditor-offline upload < output.json
The contents of ``output.json`` can again be public and require no special
@@ -541,7 +542,7 @@ When an auditor detects that the private key of a denomination key pair has
been compromised, one important step is to revoke the denomination key. The
exchange operator includes the details on how to revoke a denomination key, so
the auditor should only have to report (and possibly enforce) this step.
--- FIXME-ttn: link to exchange chapter on revocations here?
+For more information, see :ref:`Revocations` in the exchange operator manual.
If all denominations of an exchange are revoked, the exchange includes logic
to wire back all returned funds to the bank accounts from which they