author MS <ms@taler.net> 2021-08-05 02:31:43 -1100
committer MS <ms@taler.net> 2021-08-05 02:31:43 -1100
commit 906a900c0ac8ab32ce2b238315da017c34fe27dd
tree 156a9d168be2c502a71fae02024d0f9732de0b80
parent fc5c254a18869fd112aaf8ae950caf24c4bbc4d4
FIXMEs to exchange setup guide.
-rw-r--r-- taler-exchange-setup-guide.rst 41
1 files changed, 34 insertions, 7 deletions
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst
index da970d68..b50a2f80 100644
--- a/taler-exchange-setup-guide.rst
+++ b/taler-exchange-setup-guide.rst
@@ -69,6 +69,10 @@ and that the ``gnupg`` package has been installed.
[root@exchange-online]# apt-get upgrade
[root@exchange-online]# apt-get install -y gnupg
+..
+ FIXME: gnupg is a Ubuntu 20.04 default package. The third command above
+ might be removed then.
+
Next, add the ``focal-fossa`` apt repository provided by Taler Systems S.A. to
your package sources:
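Review bot: the FIXME added after `apt-get install -y gnupg` proposes dropping that command, but the very next step of the guide pipes the signing key into `apt-key add -`, which depends on gnupg, and minimal or container images of Ubuntu 20.04 do not necessarily ship it. The install is a no-op when the package is already present, so I would keep the command and resolve the FIXME by deleting it, or by adding one sentence that the step only matters on minimal installations. If the comment stays, name the command instead of referring to it by position ("the third command above").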
@@ -86,6 +90,10 @@ signing key to your list of trusted keys and update the package index:
[root@exchange-online]# wget -O - https://taler.net/taler-systems.gpg.key | apt-key add -
[root@exchange-online]# apt-get update
+..
+ FIXME: this happens after the update.
+ N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://deb.taler.net/apt/ubuntu focal-fossa InRelease' doesn't support architecture 'i386'
+
Finally, the required packages can be installed:
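Review bot: the FIXME under `apt-get update` pastes the i386 message without saying whether it is harmless or how to avoid it. The `N:` prefix marks it as a notice rather than an error, and it goes away when the repository entry is restricted to the supported architecture, for example `deb [arch=amd64] https://deb.taler.net/apt/ubuntu focal-fossa main`; I would replace the FIXME with that change or with a short note to readers. Separately, the context line above fetches the key and hands it to `apt-key add` in a single pipe, so publishing the key fingerprint in the guide would give readers something to compare against before they trust it.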
@@ -127,6 +135,10 @@ directive and should end with ``.secret.conf``.
To view the entire configuration annotated with the source of each configuration option, you
can use the ``taler-config`` helper:
+..
+ FIXME: mostly all the configuration files are owned root:root. Is that wanted?
+ Wasn't taler-exchange-httpd supposed to own those?
+
.. code-block:: shell-session
[root@exchange-online]# taler-config --diagnostics
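Review bot: the FIXME above the `taler-config --diagnostics` block treats root:root ownership as a possible bug, but ownership and read access are separate questions. Files owned by root that the service can only read are a reasonable least-privilege layout, because a compromised taler-exchange-httpd process then cannot rewrite its own configuration. What the guide should pin down is the group and mode of the `.secret.conf` files, which a later section already expects to be readable only by the matching group. I would resolve the FIXME by documenting the expected owner, group and mode per file rather than by changing the owner to taler-exchange-httpd.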
@@ -166,6 +178,10 @@ The exchange setup uses the following system groups:
* taler-exchange-secmod: group for processes with access to online signing keys, so taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd
* taler-exchange-offline: group for the access to the offline private key (only used on the offline host and not used on the online system)
+..
+ FIXME: "taler-exchange-secmod: group for processes with access to online signing keys, so taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd .... what?" Seems that this sentence lacks conclusion.
+
+
The package will deploy systemd service files in
``/usr/lib/systemd/system/`` for the various components:
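Review bot: the FIXME about the taler-exchange-secmod bullet is placed after the taler-exchange-offline bullet, and it adds two blank lines where one is enough. The sentence it questions is not missing a conclusion: "so" introduces the list of processes that belong to the group. Rewording the bullet, for example "group for the processes that need access to the online signing keys, i.e. taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd", would settle this without a FIXME.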
@@ -252,10 +268,13 @@ Wire Gateway Setup
The Taler Wire Gateway is an API that connects the Taler exchange to
the underlying core banking system.
-LibEuFin is an implementation of the Wire Gateway API for the EBICS.
+LibEuFin is an implementation of the Wire Gateway API for the EBICS protocol.
Please follow the setup instructions in ??? to set up a Taler Wire Gateway with
LibEuFin for an EBICS bank account.
+..
+ FIXME: replace ??? above with actual link.
+
The exchange must be configured with the right settings to
access the Taler Wire Gateway. An exchange can be configured
to use multiple bank accounts by using multiple Wire Gateways.
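Review bot: the FIXME added after the LibEuFin paragraph is an RST comment and will not render, while the `???` it refers to stays visible to readers of the published guide. Until the link target exists, I would replace "in ???" with wording that reads correctly on its own, such as "in the LibEuFin documentation", and keep the FIXME as the reminder to add the link.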
@@ -328,7 +347,7 @@ The following users must have access to the exchange database:
* taler-exchange-closer
These users are all in the taler-exchange-db group, and the
-``exchange-db.secret.conf`` is should already be only readable by users in
+``exchange-db.secret.conf`` should already be only readable by users in
this group.
To create a database for the Taler exchange on the local system, run:
@@ -364,6 +383,11 @@ Next, we need to grant the other accounts limited access:
[root@exchange-onlie]# echo 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-wire";' \
| sudo -u taler-exchange-httpd psql taler-exchange
+..
+ FIXME: the above commands do work, except that they produce a eye-unfriendly "cannot change to /root directory"
+ message after the execution. This might be avoided by first getting a shell as the taler-exchange-httpd user
+ and then run the SQL statements.
+
Assuming the above database setup, the database credentials to configure
in the configuration file would simply be:
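Review bot: the workaround proposed in the FIXME after the `GRANT` commands, getting a shell as taler-exchange-httpd first, is heavier than the problem needs. The message appears because `sudo -u` keeps root's working directory, which the taler-exchange-httpd user cannot enter; running the commands from a directory that user can read, for example after `cd /tmp`, avoids it without changing the commands. The FIXME should also quote the message exactly as psql prints it so it can be searched for. While this block is being touched, the prompt in the context line reads `[root@exchange-onlie]`, a typo this commit leaves in place.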
@@ -402,7 +426,7 @@ The responsibilities of this offline signing machine are:
[root@exchange-offline]# sudo -u taler-exchange-offline taler-exchange-offline setup
< ... prints the exchange master public key >
-The public key printed as the output of this command should must be put into the configuration
+The public key printed as the output of this command must be put into the configuration
of the online machine:
.. code-block:: ini
@@ -456,10 +480,10 @@ The exchange HTTP service can now be started:
.. note::
- At this point, the exchange service not yet fully operational.
+ At this point, the exchange service is not yet fully operational.
-To check whether the exchange is running correctly under the advertise
+To check whether the exchange is running correctly under the advertised
base URL, run:
.. code-block:: shell-session
@@ -481,7 +505,7 @@ steps involving the offline signing machine must be completed:
Additionally, the offline signing system signs policy messages
to configure the exchange's bank accounts and associated fees.
3. The messages generated by the offline signing system are uploaded
- to via the management API of the exchange HTTP service.
+ via the management API of the exchange HTTP service.
.. code-block:: shell-session
@@ -495,7 +519,7 @@ steps involving the offline signing machine must be completed:
enable-account payto://sepa/$IBAN > acct-response.json
[root@exchange-offline]# taler-exchange-offline \
enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json
-
+ # FIXME: 'enable-account' above seems wrong.
[root@exchange-online]# taler-exchange-offline upload < sig-response.json
[root@exchange-online]# taler-exchange-offline upload < acct-response.json
[root@exchange-online]# taler-exchange-offline upload < fee-response.json
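Review bot: the FIXME added before the `upload` lines sits inside the `shell-session` code block as a `#` line, so unlike the `..` comments used elsewhere in this commit it will be rendered to readers as part of the session. It is also ambiguous, since two invocations above it contain `enable-account`; from the visible lines the suspicious one is the second, which combines `enable-account` with `wire-fee 2021 sepa EUR:0 EUR:0`. I would move the remark out of the code block into an RST comment and say explicitly that the `wire-fee` invocation is the one in question. The hunk also replaces the blank line that separated the offline commands from the online `upload` commands, which makes the switch of host harder to spot.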
@@ -528,6 +552,9 @@ a merchant backend is not required, as the wallet acts as a merchant.
# Check whether the exchange received an incoming bank transfer
[root@exchange-online]# taler-exchangewire-gateway-client --section exchange-account-1 --credit-history
+ # FIXME: this one above fails, complaining that the section's name doesn't begin with `exchange-accountcredentials-`
+ # Blocks also the further steps from being taken. Should the include in line 33 point inside the "secrets" directory?
+ # https://git.taler.net/exchange.git/tree/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf?id=289b816e1cd1a56a0b82582b69bff22c55e6b8a0
# Once the transfer has been made, try completing the withdrawal
$ taler-wallet-cli run-pending
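Review bot: the three FIXME lines added after the `--credit-history` command report that the tool rejects the section name because it does not begin with `exchange-accountcredentials-`, which suggests the documented `--section exchange-account-1` argument is what needs to change, independent of the include question. I would record the exact error output and state which fix is intended: a different `--section` value, or moving the include into the "secrets" directory. As in the previous hunk, these lines are inside the rendered code block and would be better placed in an RST comment; the reference to "line 33" is only meaningful together with the pinned URL, so keep the two together. The command name in the context line reads `taler-exchangewire-gateway-client`, which looks like a missing hyphen and is worth checking at the same time.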