diff options
author | Christian Grothoff <grothoff@gnunet.org> | 2024-05-15 17:25:37 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2024-05-15 17:25:37 +0200 |
commit | c1a885ac1f9d9b2fdef19a976bed01dab4f7d852 (patch) | |
tree | 60776489ffb405e30b5895fe5f8be62154173b3b | |
parent | b8d2d2fa2ed2a771880f451725176f256583cb22 (diff) | |
download | docs-c1a885ac1f9d9b2fdef19a976bed01dab4f7d852.tar.gz docs-c1a885ac1f9d9b2fdef19a976bed01dab4f7d852.tar.bz2 docs-c1a885ac1f9d9b2fdef19a976bed01dab4f7d852.zip |
update prebuilt documentation for v0.11prebuilt
71 files changed, 1013 insertions, 660 deletions
diff --git a/man/challenger-admin.1 b/man/challenger-admin.1 index 22a465af..c0119601 100644 --- a/man/challenger-admin.1 +++ b/man/challenger-admin.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER-ADMIN" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER-ADMIN" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger-admin \- manipulate list of authorized Challenger clients .SH SYNOPSIS diff --git a/man/challenger-config.1 b/man/challenger-config.1 index 50275c66..be45aab6 100644 --- a/man/challenger-config.1 +++ b/man/challenger-config.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER-CONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER-CONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger-config \- manipulate Challenger configuration files .SH SYNOPSIS diff --git a/man/challenger-dbconfig.1 b/man/challenger-dbconfig.1 index 67b97611..0db668f6 100644 --- a/man/challenger-dbconfig.1 +++ b/man/challenger-dbconfig.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER-DBCONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER-DBCONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger-dbconfig \- configure challenger database .SH SYNOPSIS diff --git a/man/challenger-dbinit.1 b/man/challenger-dbinit.1 index c87b35cd..0c9f372d 100644 --- a/man/challenger-dbinit.1 +++ b/man/challenger-dbinit.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER-DBINIT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER-DBINIT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger-dbinit \- initialize the Challenger database .SH SYNOPSIS diff --git a/man/challenger-httpd.1 b/man/challenger-httpd.1 index 2cc1f345..fb8be747 100644 --- a/man/challenger-httpd.1 +++ b/man/challenger-httpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER-HTTPD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER-HTTPD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger-httpd \- provide the Challenger HTTP interface .SH SYNOPSIS diff --git a/man/challenger.conf.5 b/man/challenger.conf.5 index f895feb1..4f600695 100644 --- a/man/challenger.conf.5 +++ b/man/challenger.conf.5 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CHALLENGER.CONF" "5" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "CHALLENGER.CONF" "5" "May 15, 2024" "0.10" "GNU Taler" .SH NAME challenger.conf \- Challenger configuration file .SH DESCRIPTION @@ -79,8 +79,6 @@ from \fI\%GNU autoconf\fP\&. The values are usually dependent on an \fBINSTALL_PREFIX\fP which is determined by the \fB\-\-prefix\fP option given to configure. The canonical values are: .INDENT 0.0 -.INDENT 3.5 -.INDENT 0.0 .IP \(bu 2 LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/ .IP \(bu 2 @@ -98,8 +96,6 @@ LIBDIR = $INSTALL_PREFIX/lib/taler/ .IP \(bu 2 DATADIR = $INSTALL_PREFIX/share/taler/ .UNINDENT -.UNINDENT -.UNINDENT .sp Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the diff --git a/man/libeufin-nexus.1 b/man/libeufin-nexus.1 index 93aab863..ae04ef8d 100644 --- a/man/libeufin-nexus.1 +++ b/man/libeufin-nexus.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "LIBEUFIN-NEXUS" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "LIBEUFIN-NEXUS" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME libeufin-nexus \- service to interface to various bank access APIs .SH SYNOPSIS @@ -120,7 +120,7 @@ Configure logging to use LOGLEVEL. Uploaded documents will be stored \fIbefore\fP being submitted to the bank. This directory would contain several directories, each named after the \fBYYYY\-MM\-DD/submit\fP format. The pain.001 file would then be named in the following schema: \fB$microseconds_pain.001.xml\fP\&. .TP \fB–transient\fP -This flag, enabled by default, causes the command to check the database and submit only once, and then return. +This flag causes the command to check the database and submit only once, and then return. .UNINDENT .SS ebics\-fetch .sp @@ -133,6 +133,10 @@ The files type can be given as an argument to select what will be fetched. If no .IP \(bu 2 \fBstatus\fP: Payment status, retrieves status of pending debits. .IP \(bu 2 +\fBreport\fP: Account intraday reports, retrieves the history of confirmed debits and credits. +.IP \(bu 2 +\fBstatement\fP: Account statements, retrieves the history of confirmed debits and credits. +.IP \(bu 2 \fBnotification\fP: Debit & credit notifications, retrieves the history of confirmed debits and credits. .UNINDENT .INDENT 0.0 @@ -151,11 +155,30 @@ Log EBICS content at SAVEDIR. Downloaded documents will be stored \fIbefore\fP being ingested in the database. This directory would contain several directories, each named after the \fBYYYY\-MM\-DD/fetch\fP format. The stored files would then be named after the following schema: \fB$microseconds_$filename\fP\&. Exception to this naming scheme are the HAC responses, since they do not get any filename assigned by the ZIP archive (they are sent unzipped). Their naming scheme is: \fB$microseconds_HAC_response.pain.002.xml\fP\&. .TP \fB–transient\fP -This flag, enabled by default, causes the command to perform one download and return. +This flag causes the command to perform one download and return. .TP \fB–pinned\-start\fP Only supported in –transient mode, this option lets specify the earliest timestamp of the downloaded documents. The latest timestamp is always the current time. .UNINDENT +.SS serve +.sp +This command starts the HTTP server. +.sp +Its options are as follows: +.INDENT 0.0 +.TP +\fB\-h\fP | \fB–help\fP +Print short help on options. +.TP +\fB\-c\fP | \fB–config\fP \fIFILENAME\fP +Specifies the configuration file. +.TP +\fB\-L\fP | \fB–log\fP \fILOGLEVEL\fP +Configure logging to use LOGLEVEL. +.TP +\fB–check\fP +This flag causes the command to check whether an API is in use (if it’s useful to start the HTTP server) and to output 0 if at least one API is enabled, otherwise 1. +.UNINDENT .SS initiate\-payment .sp This subcommand initiates an outgoing payment. The pending payment is stored in the database and will be performed the next time \fBebics\-submit\fP run. diff --git a/man/libeufin-nexus.conf.5 b/man/libeufin-nexus.conf.5 index a93b8524..a50bed92 100644 --- a/man/libeufin-nexus.conf.5 +++ b/man/libeufin-nexus.conf.5 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "LIBEUFIN-NEXUS.CONF" "5" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "LIBEUFIN-NEXUS.CONF" "5" "May 15, 2024" "0.10" "GNU Taler" .SH NAME libeufin-nexus.conf \- LibEuFin Nexus configuration file .SH DESCRIPTION @@ -149,8 +149,8 @@ URL of the EBICS server .TP .B BANK_DIALECT Name of the following combination: EBICS version and ISO20022 recommendations -that Nexus would honor in the communication with the bank. Currently only the -‘postfinance’ value is supported. +that Nexus would honor in the communication with the bank. Currently only the +\fBpostfinance\fP or \fBgls\fP value is supported. .TP .B HOST_ID EBICS specific: name of the EBICS host @@ -199,6 +199,60 @@ download from the bank. .B IGNORE_TRANSACTIONS_BEFORE Ignore all transactions before a certain YYYY\-MM\-DD date, useful when you want to use an existing account with old transactions that should not be bounced. .UNINDENT +.SS HTTP SERVER OPTIONS +.sp +The following configuration value(s) belong to the “[nexus\-httpd]” section. +.INDENT 0.0 +.TP +.B SERVE +This can either be \fBtcp\fP or \fBunix\fP\&. +.TP +.B PORT +Port on which the HTTP server listens, e.g.\ 9967. +Only used if \fBSERVE\fP is \fBtcp\fP\&. +.TP +.B BIND_TO +Which IP address should we bind to? E.g. \fB127.0.0.1\fP or \fB::1\(ga\(gafor loopback. Can also be given as a hostname. +Only used if \(ga\(gaSERVE\fP is \fBtcp\fP\&. +.TP +.B UNIXPATH +Which unix domain path should we bind to? +Only used if \fBSERVE\fP is \fBunix\fP\&. +.TP +.B UNIXPATH_MODE +What should be the file access permissions for \fBUNIXPATH\fP? +Only used if \fBSERVE\fP is \fBunix\fP\&. +.UNINDENT +.SS HTTP WIRE GATEWAY API OPTIONS +.sp +The following configuration value(s) belong to the “[nexus\-httpd\-wire\-gateway\-api]” section. +.INDENT 0.0 +.TP +.B ENABLED +Whether to serve the Wire Gateway API. +.TP +.B AUTH_METHOD +How to authenticate this API. This can either be \fBnone\fP or \fBbearer\-token\fP\&. +.TP +.B AUTH_BEARER_TOKEN +The expected token. +Only used if \fBAUTH_METHOD\fP is \fBbearer\-token\fP\&. +.UNINDENT +.SS HTTP REVENUE API OPTIONS +.sp +The following configuration value(s) belong to the “[nexus\-httpd\-revenue\-api]” section. +.INDENT 0.0 +.TP +.B ENABLED +Whether to serve the Revenue API. +.TP +.B AUTH_METHOD +How to authenticate this API. This can either be \fBnone\fP or \fBbearer\-token\fP\&. +.TP +.B AUTH_BEARER_TOKEN +The expected token. +Only used if \fBAUTH_METHOD\fP is \fBbearer\-token\fP\&. +.UNINDENT .SS DATABASE OPTIONS .sp Setting the database belongs to the “[libeufin\-nexusdb\-postgres]” section and the following value. diff --git a/man/sync-config.1 b/man/sync-config.1 index dd99d519..9c6fac88 100644 --- a/man/sync-config.1 +++ b/man/sync-config.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SYNC-CONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "SYNC-CONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME sync-config \- manipulate Sync configuration files .SH SYNOPSIS diff --git a/man/sync-dbconfig.1 b/man/sync-dbconfig.1 index 6d06034f..9fdb7701 100644 --- a/man/sync-dbconfig.1 +++ b/man/sync-dbconfig.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SYNC-DBCONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "SYNC-DBCONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME sync-dbconfig \- configure sync database .SH SYNOPSIS diff --git a/man/sync-dbinit.1 b/man/sync-dbinit.1 index 7db7d856..6ef985d3 100644 --- a/man/sync-dbinit.1 +++ b/man/sync-dbinit.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SYNC-DBINIT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "SYNC-DBINIT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME sync-dbinit \- initialize the Sync database .SH SYNOPSIS diff --git a/man/sync-httpd.1 b/man/sync-httpd.1 index ea47b170..13814b4c 100644 --- a/man/sync-httpd.1 +++ b/man/sync-httpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SYNC-HTTPD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "SYNC-HTTPD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME sync-httpd \- provide the Sync HTTP interface .SH SYNOPSIS diff --git a/man/sync.conf.5 b/man/sync.conf.5 index c1d3e318..2d087ae1 100644 --- a/man/sync.conf.5 +++ b/man/sync.conf.5 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SYNC.CONF" "5" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "SYNC.CONF" "5" "May 15, 2024" "0.10" "GNU Taler" .SH NAME sync.conf \- Sync configuration file .SH DESCRIPTION @@ -79,8 +79,6 @@ from \fI\%GNU autoconf\fP\&. The values are usually dependent on an \fBINSTALL_PREFIX\fP which is determined by the \fB\-\-prefix\fP option given to configure. The canonical values are: .INDENT 0.0 -.INDENT 3.5 -.INDENT 0.0 .IP \(bu 2 LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/ .IP \(bu 2 @@ -98,8 +96,6 @@ LIBDIR = $INSTALL_PREFIX/lib/taler/ .IP \(bu 2 DATADIR = $INSTALL_PREFIX/share/taler/ .UNINDENT -.UNINDENT -.UNINDENT .sp Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the diff --git a/man/taler-aggregator-benchmark.1 b/man/taler-aggregator-benchmark.1 index ee744c30..cc84773b 100644 --- a/man/taler-aggregator-benchmark.1 +++ b/man/taler-aggregator-benchmark.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AGGREGATOR-BENCHMARK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AGGREGATOR-BENCHMARK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-aggregator-benchmark \- generate database to measure aggregator performance .SH SYNOPSIS diff --git a/man/taler-auditor-dbconfig.1 b/man/taler-auditor-dbconfig.1 index 2918932d..f86d2517 100644 --- a/man/taler-auditor-dbconfig.1 +++ b/man/taler-auditor-dbconfig.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-DBCONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-DBCONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-dbconfig \- configure Taler auditor database .SH SYNOPSIS diff --git a/man/taler-auditor-dbinit.1 b/man/taler-auditor-dbinit.1 index f2193ff0..90dfa5ce 100644 --- a/man/taler-auditor-dbinit.1 +++ b/man/taler-auditor-dbinit.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-DBINIT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-DBINIT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-dbinit \- setup auditor database .SH SYNOPSIS diff --git a/man/taler-auditor-exchange.1 b/man/taler-auditor-exchange.1 index f1fd1c66..d85c1d18 100644 --- a/man/taler-auditor-exchange.1 +++ b/man/taler-auditor-exchange.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-EXCHANGE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-EXCHANGE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-exchange \- add or remove exchange from auditor’s list .SH SYNOPSIS diff --git a/man/taler-auditor-httpd.1 b/man/taler-auditor-httpd.1 index 68b96f58..9ffaf497 100644 --- a/man/taler-auditor-httpd.1 +++ b/man/taler-auditor-httpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-HTTPD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-HTTPD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-httpd \- HTTP server providing a RESTful API to access a Taler auditor .SH SYNOPSIS diff --git a/man/taler-auditor-offline.1 b/man/taler-auditor-offline.1 index d73d2a32..c069119c 100644 --- a/man/taler-auditor-offline.1 +++ b/man/taler-auditor-offline.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-OFFLINE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-OFFLINE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-offline \- Taler auditor certifies that it audits a Taler exchange .SH SYNOPSIS @@ -93,11 +93,9 @@ by the auditor. To obtain the auditor’s public key, use: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline setup -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -159,44 +157,36 @@ required arguments. .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline download > keys.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Show information about public keys (offline or online) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline show < keys.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Sign public keys (offline) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline sign < keys.json > sigs.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Upload auditor signatures (online) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline upload < sigs.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Download, sign and upload, all in one (online) @@ -205,11 +195,9 @@ Note that doing this is only recommended in non\-production deployments. .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-auditor\-offline download sign upload -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH SECURITY CONSIDERATIONS diff --git a/man/taler-auditor-sync.1 b/man/taler-auditor-sync.1 index 55a33fb2..ce8b8def 100644 --- a/man/taler-auditor-sync.1 +++ b/man/taler-auditor-sync.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR-SYNC" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR-SYNC" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor-sync \- tool to safely synchronize auditor database .SH SYNOPSIS diff --git a/man/taler-auditor.1 b/man/taler-auditor.1 index 89903a2e..a0e6ec8e 100644 --- a/man/taler-auditor.1 +++ b/man/taler-auditor.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-AUDITOR" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-AUDITOR" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-auditor \- audit exchange .SH SYNOPSIS diff --git a/man/taler-bank-benchmark.1 b/man/taler-bank-benchmark.1 index 9bf26087..478c6b2e 100644 --- a/man/taler-bank-benchmark.1 +++ b/man/taler-bank-benchmark.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-BANK-BENCHMARK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-BANK-BENCHMARK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-bank-benchmark \- measure bank performance .SH SYNOPSIS diff --git a/man/taler-config.1 b/man/taler-config.1 index 37ee9fd8..373610da 100644 --- a/man/taler-config.1 +++ b/man/taler-config.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-CONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-CONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-config \- Taler configuration inspection and editing .SH SYNOPSIS diff --git a/man/taler-exchange-aggregator.1 b/man/taler-exchange-aggregator.1 index c9a226e2..2121601b 100644 --- a/man/taler-exchange-aggregator.1 +++ b/man/taler-exchange-aggregator.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-AGGREGATOR" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-AGGREGATOR" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-aggregator \- aggregate deposits into wire transfers .SH SYNOPSIS diff --git a/man/taler-exchange-benchmark.1 b/man/taler-exchange-benchmark.1 index 18e966c0..9e32a2a6 100644 --- a/man/taler-exchange-benchmark.1 +++ b/man/taler-exchange-benchmark.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-BENCHMARK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-BENCHMARK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-benchmark \- measure exchange performance .SH SYNOPSIS diff --git a/man/taler-exchange-closer.1 b/man/taler-exchange-closer.1 index 8ddc6550..8503ae97 100644 --- a/man/taler-exchange-closer.1 +++ b/man/taler-exchange-closer.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-CLOSER" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-CLOSER" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-closer \- close idle reserves .SH SYNOPSIS diff --git a/man/taler-exchange-dbconfig.1 b/man/taler-exchange-dbconfig.1 index 6e3846f6..dcdcbe0f 100644 --- a/man/taler-exchange-dbconfig.1 +++ b/man/taler-exchange-dbconfig.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-DBCONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-DBCONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-dbconfig \- configure Taler exchange database .SH SYNOPSIS diff --git a/man/taler-exchange-dbinit.1 b/man/taler-exchange-dbinit.1 index 2fe53de3..9c21f8a1 100644 --- a/man/taler-exchange-dbinit.1 +++ b/man/taler-exchange-dbinit.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-DBINIT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-DBINIT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-dbinit \- initialize Taler exchange database .SH SYNOPSIS diff --git a/man/taler-exchange-drain.1 b/man/taler-exchange-drain.1 index 48a7db8a..101a5ed7 100644 --- a/man/taler-exchange-drain.1 +++ b/man/taler-exchange-drain.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-DRAIN" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-DRAIN" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-drain \- drain profits from exchange .SH SYNOPSIS diff --git a/man/taler-exchange-expire.1 b/man/taler-exchange-expire.1 index 27eb47af..6fe1962d 100644 --- a/man/taler-exchange-expire.1 +++ b/man/taler-exchange-expire.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-EXPIRE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-EXPIRE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-expire \- refund expired purses .SH SYNOPSIS diff --git a/man/taler-exchange-httpd.1 b/man/taler-exchange-httpd.1 index 395e0f95..ed789e65 100644 --- a/man/taler-exchange-httpd.1 +++ b/man/taler-exchange-httpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-HTTPD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-HTTPD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-httpd \- run Taler exchange (with RESTful API) .SH SYNOPSIS diff --git a/man/taler-exchange-kyc-aml-pep-trigger.1 b/man/taler-exchange-kyc-aml-pep-trigger.1 index e6a0fb7f..3d795d83 100644 --- a/man/taler-exchange-kyc-aml-pep-trigger.1 +++ b/man/taler-exchange-kyc-aml-pep-trigger.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-KYC-AML-PEP-TRIGGER" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-KYC-AML-PEP-TRIGGER" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-kyc-aml-pep-trigger \- Taler KYC_AML_TRIGGER example .SH SYNOPSIS diff --git a/man/taler-exchange-kyc-tester.1 b/man/taler-exchange-kyc-tester.1 index ff80a8df..b7b39f96 100644 --- a/man/taler-exchange-kyc-tester.1 +++ b/man/taler-exchange-kyc-tester.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-KYC-TESTER" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-KYC-TESTER" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-kyc-tester \- test KYC service integration .SH SYNOPSIS diff --git a/man/taler-exchange-offline.1 b/man/taler-exchange-offline.1 index 687d86c0..00de541e 100644 --- a/man/taler-exchange-offline.1 +++ b/man/taler-exchange-offline.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-OFFLINE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-OFFLINE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-offline \- operations using the offline key of a Taler exchange .SH SYNOPSIS @@ -93,11 +93,9 @@ obtain the master public key, use: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline setup -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -487,44 +485,36 @@ required arguments. .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline download > keys.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Show information about future public keys (offline or online) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline show < keys.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Sign future public keys (offline) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline sign < keys.json > sigs.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Upload signatures about future public keys (online) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline upload < sigs.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Download, sign and upload, all in one (online) @@ -535,14 +525,12 @@ online! .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e download \e sign \e upload -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -551,15 +539,13 @@ so that \fBsign\fP can see it as input, as in the variant without \fBshow\fP\&. .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e download \e show \- \e sign \e upload -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Create signature to enable bank account (offline) @@ -569,12 +555,10 @@ without conversion: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e enable\-account payto://iban/DE24242?receiver\-name=operator > account.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -584,8 +568,7 @@ debit operations: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e enable\-account payto://x\-taler\-bank/example.com/?receiver\-name=name \e conversion\-url http://conversion.exchange.com/ \e @@ -597,19 +580,16 @@ $ taler\-exchange\-offline \e \(aqSwiss only\(aq \e \(aq{ \(dqde\(dq : \(dqnur Schweiz\(dq, \e \(dqfr\(dq : \(dqSuisse uniquement\(dq }\(aq -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Upload bank account signature (online) .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline upload < account.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Combine signing keys and enabling bank account (offline) @@ -618,14 +598,12 @@ You can chain multiple commands into one invocation: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e sign \e enable\-account \e payto://iban/DE24242 < keys.json > combo.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -636,11 +614,9 @@ and \fBenable\-account\fP subcommands. .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline upload < combo.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS Create multiple revocation messages in one pass (offline) @@ -650,8 +626,7 @@ key revocation: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ taler\-exchange\-offline \e revoke\-denomination $DKH1 \e revoke\-denomination $DKH2 > revoke.json @@ -661,8 +636,7 @@ $ taler\-exchange\-offline \e $ taler\-exchange\-offline \e revoke\-signkey $SK \e revoke\-denomkey $DKH > mix.json -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp diff --git a/man/taler-exchange-router.1 b/man/taler-exchange-router.1 index 3b4c095b..3b28d34e 100644 --- a/man/taler-exchange-router.1 +++ b/man/taler-exchange-router.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-ROUTER" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-ROUTER" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-router \- route payments to partner exchanges .SH SYNOPSIS diff --git a/man/taler-exchange-secmod-cs.1 b/man/taler-exchange-secmod-cs.1 index cd8001b5..62f2ff8e 100644 --- a/man/taler-exchange-secmod-cs.1 +++ b/man/taler-exchange-secmod-cs.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-SECMOD-CS" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-SECMOD-CS" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-secmod-cs \- handle private CS key operations for a Taler exchange .SH SYNOPSIS diff --git a/man/taler-exchange-secmod-eddsa.1 b/man/taler-exchange-secmod-eddsa.1 index 4e4a890b..c10e079e 100644 --- a/man/taler-exchange-secmod-eddsa.1 +++ b/man/taler-exchange-secmod-eddsa.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-SECMOD-EDDSA" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-SECMOD-EDDSA" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-secmod-eddsa \- handle private EDDSA key operations for a Taler exchange .SH SYNOPSIS diff --git a/man/taler-exchange-secmod-rsa.1 b/man/taler-exchange-secmod-rsa.1 index ee998ad6..315b773b 100644 --- a/man/taler-exchange-secmod-rsa.1 +++ b/man/taler-exchange-secmod-rsa.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-SECMOD-RSA" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-SECMOD-RSA" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-secmod-rsa \- handle private RSA key operations for a Taler exchange .SH SYNOPSIS diff --git a/man/taler-exchange-transfer.1 b/man/taler-exchange-transfer.1 index d8b3426f..74a265d0 100644 --- a/man/taler-exchange-transfer.1 +++ b/man/taler-exchange-transfer.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-TRANSFER" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-TRANSFER" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-transfer \- execute wire transfers .SH SYNOPSIS diff --git a/man/taler-exchange-wire-gateway-client.1 b/man/taler-exchange-wire-gateway-client.1 index 25d09723..fbd6279f 100644 --- a/man/taler-exchange-wire-gateway-client.1 +++ b/man/taler-exchange-wire-gateway-client.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-WIRE-GATEWAY-CLIENT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-WIRE-GATEWAY-CLIENT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-wire-gateway-client \- trigger a transfer at the bank .SH SYNOPSIS diff --git a/man/taler-exchange-wirewatch.1 b/man/taler-exchange-wirewatch.1 index 414cfb86..15d92e52 100644 --- a/man/taler-exchange-wirewatch.1 +++ b/man/taler-exchange-wirewatch.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-EXCHANGE-WIREWATCH" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-EXCHANGE-WIREWATCH" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-exchange-wirewatch \- watch for incoming wire transfers .SH SYNOPSIS diff --git a/man/taler-fakebank-run.1 b/man/taler-fakebank-run.1 index d10e2245..c16c9c52 100644 --- a/man/taler-fakebank-run.1 +++ b/man/taler-fakebank-run.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-FAKEBANK-RUN" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-FAKEBANK-RUN" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-fakebank-run \- run in-memory bank service for testing and benchmarking .SH SYNOPSIS diff --git a/man/taler-helper-auditor-aggregation.1 b/man/taler-helper-auditor-aggregation.1 index f27b2c2a..0cccf8ab 100644 --- a/man/taler-helper-auditor-aggregation.1 +++ b/man/taler-helper-auditor-aggregation.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-AGGREGATION" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-AGGREGATION" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-aggregation \- audit Taler exchange aggregation activity .SH SYNOPSIS diff --git a/man/taler-helper-auditor-coins.1 b/man/taler-helper-auditor-coins.1 index 1257b69d..fc15e2a8 100644 --- a/man/taler-helper-auditor-coins.1 +++ b/man/taler-helper-auditor-coins.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-COINS" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-COINS" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-coins \- audit Taler coin processing .SH SYNOPSIS diff --git a/man/taler-helper-auditor-deposits.1 b/man/taler-helper-auditor-deposits.1 index 4922077f..5b2a172b 100644 --- a/man/taler-helper-auditor-deposits.1 +++ b/man/taler-helper-auditor-deposits.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-DEPOSITS" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-DEPOSITS" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-deposits \- audit Taler exchange database for deposit confirmation consistency .SH SYNOPSIS diff --git a/man/taler-helper-auditor-purses.1 b/man/taler-helper-auditor-purses.1 index d97ec893..26afb262 100644 --- a/man/taler-helper-auditor-purses.1 +++ b/man/taler-helper-auditor-purses.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-PURSES" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-PURSES" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-purses \- audit Taler exchange purse handling .SH SYNOPSIS diff --git a/man/taler-helper-auditor-reserves.1 b/man/taler-helper-auditor-reserves.1 index 98c94584..2fd25b39 100644 --- a/man/taler-helper-auditor-reserves.1 +++ b/man/taler-helper-auditor-reserves.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-RESERVES" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-RESERVES" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-reserves \- audit Taler exchange reserve handling .SH SYNOPSIS diff --git a/man/taler-helper-auditor-wire.1 b/man/taler-helper-auditor-wire.1 index d90d3279..a01ed458 100644 --- a/man/taler-helper-auditor-wire.1 +++ b/man/taler-helper-auditor-wire.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-HELPER-AUDITOR-WIRE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-HELPER-AUDITOR-WIRE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-helper-auditor-wire \- audit exchange database for consistency with the bank's wire transfers .SH SYNOPSIS diff --git a/man/taler-mdb.1 b/man/taler-mdb.1 index 91b7cb4c..a945e37d 100644 --- a/man/taler-mdb.1 +++ b/man/taler-mdb.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MDB" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MDB" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-mdb \- operate multi drop bus (MDB) based vending machines with Taler payments .SH SYNOPSIS diff --git a/man/taler-merchant-benchmark.1 b/man/taler-merchant-benchmark.1 index a43632f8..f13ef204 100644 --- a/man/taler-merchant-benchmark.1 +++ b/man/taler-merchant-benchmark.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-BENCHMARK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-BENCHMARK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-benchmark \- generate Taler-style benchmarking payments .SH SYNOPSIS diff --git a/man/taler-merchant-dbconfig.1 b/man/taler-merchant-dbconfig.1 index 82d7dc2c..a782aa96 100644 --- a/man/taler-merchant-dbconfig.1 +++ b/man/taler-merchant-dbconfig.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-DBCONFIG" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-DBCONFIG" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-dbconfig \- configure Taler merchant database .SH SYNOPSIS diff --git a/man/taler-merchant-dbinit.1 b/man/taler-merchant-dbinit.1 index c2897053..c6134b93 100644 --- a/man/taler-merchant-dbinit.1 +++ b/man/taler-merchant-dbinit.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-DBINIT" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-DBINIT" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-dbinit \- initialize Taler merchant database .SH SYNOPSIS diff --git a/man/taler-merchant-depositcheck.1 b/man/taler-merchant-depositcheck.1 index 46d2ae10..a7651ba7 100644 --- a/man/taler-merchant-depositcheck.1 +++ b/man/taler-merchant-depositcheck.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-DEPOSITCHECK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-DEPOSITCHECK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-depositcheck \- check status of deposits with exchange .SH SYNOPSIS diff --git a/man/taler-merchant-exchange.1 b/man/taler-merchant-exchange.1 index ab138da0..b9795fab 100644 --- a/man/taler-merchant-exchange.1 +++ b/man/taler-merchant-exchange.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-EXCHANGE" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-EXCHANGE" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-exchange \- ask exchange which deposits were aggregated for a particular wire transfer that credited a merchant account .SH SYNOPSIS diff --git a/man/taler-merchant-httpd.1 b/man/taler-merchant-httpd.1 index 34865889..3f39b9c1 100644 --- a/man/taler-merchant-httpd.1 +++ b/man/taler-merchant-httpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-HTTPD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-HTTPD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-httpd \- run Taler merchant backend (with RESTful API) .SH SYNOPSIS diff --git a/man/taler-merchant-passwd.1 b/man/taler-merchant-passwd.1 index 7772cf9e..d9f4ed3c 100644 --- a/man/taler-merchant-passwd.1 +++ b/man/taler-merchant-passwd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-PASSWD" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-PASSWD" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-passwd \- change Taler merchant instance password .SH SYNOPSIS diff --git a/man/taler-merchant-webhook.1 b/man/taler-merchant-webhook.1 index 4fe1ba92..a9522731 100644 --- a/man/taler-merchant-webhook.1 +++ b/man/taler-merchant-webhook.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-WEBHOOK" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-WEBHOOK" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-webhook \- execute webhooks of the Taler merchant backend (optional service) .SH SYNOPSIS diff --git a/man/taler-merchant-wirewatch.1 b/man/taler-merchant-wirewatch.1 index 434061ba..2e078a34 100644 --- a/man/taler-merchant-wirewatch.1 +++ b/man/taler-merchant-wirewatch.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-MERCHANT-WIREWATCH" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-MERCHANT-WIREWATCH" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-merchant-wirewatch \- import credit transactions from a merchant bank account into merchant backend (optional) .SH SYNOPSIS diff --git a/man/taler-terms-generator.1 b/man/taler-terms-generator.1 index 1fa588b1..7be8bb9b 100644 --- a/man/taler-terms-generator.1 +++ b/man/taler-terms-generator.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-TERMS-GENERATOR" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-TERMS-GENERATOR" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-terms-generator \- create legal policy documents for services .SH SYNOPSIS diff --git a/man/taler-unified-setup.1 b/man/taler-unified-setup.1 index ff6f7d77..f22fd4a7 100644 --- a/man/taler-unified-setup.1 +++ b/man/taler-unified-setup.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER-UNIFIED-SETUP" "1" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER-UNIFIED-SETUP" "1" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler-unified-setup \- conveniently start and stop various GNU Taler services .SH SYNOPSIS diff --git a/man/taler.conf.5 b/man/taler.conf.5 index 85856dd4..6ae7dd4d 100644 --- a/man/taler.conf.5 +++ b/man/taler.conf.5 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "TALER.CONF" "5" "Apr 12, 2024" "0.9" "GNU Taler" +.TH "TALER.CONF" "5" "May 15, 2024" "0.10" "GNU Taler" .SH NAME taler.conf \- Taler configuration file .SH DESCRIPTION @@ -79,8 +79,6 @@ from \fI\%GNU autoconf\fP\&. The values are usually dependent on an \fBINSTALL_PREFIX\fP which is determined by the \fB\-\-prefix\fP option given to configure. The canonical values are: .INDENT 0.0 -.INDENT 3.5 -.INDENT 0.0 .IP \(bu 2 LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/ .IP \(bu 2 @@ -98,8 +96,6 @@ LIBDIR = $INSTALL_PREFIX/lib/taler/ .IP \(bu 2 DATADIR = $INSTALL_PREFIX/share/taler/ .UNINDENT -.UNINDENT -.UNINDENT .sp Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the @@ -130,7 +126,7 @@ Name of the currency, e.g.\ “EUR” for Euro. .TP .B CURRENCY_ROUND_UNIT Smallest amount in this currency that can be transferred using the -underlying RTGS. For example: “EUR:0.01” or “JPY:1”. +underlying RTGS. For example: \(dqEUR:0.01\(dq or \(dqJPY:1\(dq. .UNINDENT .sp The “[PATHS]” section is special in that it contains paths that can be @@ -160,7 +156,7 @@ sockets). Usually “${TMP}/taler\-system\-runtime”. .UNINDENT .SS CURRENCY SPECIFICATIONS .sp -Sections with a name of the form “[currency\-$NAME]” (where “$NAME” could +Sections with a name of the form “[currency\-$NAME]” (where \(dq$NAME\(dq could be any unique string) are used to specify details about how currencies should be handled (and in particularly rendered) by the user interface. A detailed motivation for this section can be found in DD51. @@ -206,10 +202,10 @@ JSON map determining how to encode very large or very tiny amounts in this currency. Maps a base10 logarithm to the respective currency symbol. Must include at least an entry for 0 (currency unit). For example, use -{“0”:”€”} for Euros or “{“0”:”$”} for Dollars. You could -additionally use {“0”:”€”,”3”:”k€”} to render 3000 EUR +{\(dq0\(dq:\(dq€\(dq} for Euros or \(dq{\(dq0\(dq:\(dq$\(dq} for Dollars. You could +additionally use {\(dq0\(dq:\(dq€\(dq,\(dq3\(dq:\(dqk€\(dq} to render 3000 EUR as 3k€. For BTC a typical map would be -{“0”:”BTC”,”\-3”:”mBTC”}, informing the UI to render small +{\(dq0\(dq:\(dqBTC\(dq,\(dq\-3\(dq:\(dqmBTC\(dq}, informing the UI to render small amounts in milli\-Bitcoin (mBTC). .UNINDENT .SS EXCHANGE OPTIONS @@ -222,29 +218,29 @@ exchange tools. Plugin to use for the database, e.g.\ “postgres”. .TP .B SERVE -Should the HTTP server listen on a UNIX domain socket (set option to “unix”) or on a TCP socket (set option to “tcp”)? +Should the HTTP server listen on a UNIX domain socket (set option to \(dqunix\(dq) or on a TCP socket (set option to \(dqtcp\(dq)? .TP .B UNIXPATH -Path to listen on if we “SERVE” is set to “unix”. +Path to listen on if we \(dqSERVE\(dq is set to \(dqunix\(dq. .TP .B UNIXPATH_MODE -Access permission mask to use for the “UNIXPATH”. +Access permission mask to use for the \(dqUNIXPATH\(dq. .TP .B PORT Port on which the HTTP server listens, e.g.\ 8080. .TP .B BIND_TO -Hostname to which the exchange HTTP server should be bound to, e.g. “localhost”. +Hostname to which the exchange HTTP server should be bound to, e.g. \(dqlocalhost\(dq. .TP .B MASTER_PUBLIC_KEY Crockford Base32\-encoded master public key, public version of the -exchange’s long\-time offline signing key. This configuration option +exchange\(aqs long\-time offline signing key. This configuration option is also used by the \fBauditor\fP to determine the public key of the exchange which it is auditing. .TP .B AML_THRESHOLD Largest amount in this currency that can be transferred per month without -an AML staff member doing a (manual) AML check. For example: “USD:1000000”. +an AML staff member doing a (manual) AML check. For example: \(dqUSD:1000000\(dq. .TP .B KYC_AML_TRIGGER Program to run on KYC attribute data to decide whether we should immediately flag an account for AML review. Program must return 0 if a manual AML review is not needed, and non\-zero to trigger an AML review. The KYC attribute data of the new user will be passed on standard\-input. @@ -271,9 +267,9 @@ Used by the KYC logic when interacting with OAuth 2.0. .TP .B TOPLEVEL_REDIRECT_URL Where to redirect visitors that access the top\-level -“/” endpoint of the exchange. Should point users to +\(dq/\(dq endpoint of the exchange. Should point users to information about the exchange operator. -Optional setting, defaults to “/terms”. +Optional setting, defaults to \(dq/terms\(dq. .TP .B AGGREGATOR_IDLE_SLEEP_INTERVAL For how long should the taler\-exchange\-aggregator sleep when it is idle @@ -292,7 +288,7 @@ For how long should the taler\-exchange\-wirewatch sleep when it is idle before trying to look for more work? Default is 60 seconds. .TP .B AGGREGATOR_SHARD_SIZE -Which share of the range from [0,..2147483648] should be processed by one of the shards of the aggregator. Useful only for Taler exchanges with ultra high\-performance needs. When changing this value, you must stop all aggregators and run “taler\-exchange\-dbinit \-s” before resuming. Default is 2147483648 (no sharding). +Which share of the range from [0,..2147483648] should be processed by one of the shards of the aggregator. Useful only for Taler exchanges with ultra high\-performance needs. When changing this value, you must stop all aggregators and run \(dqtaler\-exchange\-dbinit \-s\(dq before resuming. Default is 2147483648 (no sharding). .TP .B SIGNKEY_LEGAL_DURATION For how long are signatures with signing keys legally valid? @@ -306,12 +302,12 @@ How many requests should the HTTP server process at most before committing suici .B TERMS_DIR Directory where the terms of service of the exchange operator can be fund. The directory must contain sub\-directories for every supported language, -using the two\-character language code in lower case, e.g. “en/” or “fr/”. +using the two\-character language code in lower case, e.g. \(dqen/\(dq or \(dqfr/\(dq. Each subdirectory must then contain files with the terms of service in various formats. The basename of the file of the current policy must be specified under \fBTERMS_ETAG\fP\&. The extension defines the mime type. -Supported extensions include “html”, “htm”, “txt”, “pdf”, “jpg”, “jpeg”, -“png” and “gif”. For example, using a \fBTERMS_ETAG\fP of “0”, the structure +Supported extensions include \(dqhtml\(dq, \(dqhtm\(dq, \(dqtxt\(dq, \(dqpdf\(dq, \(dqjpg\(dq, \(dqjpeg\(dq, +\(dqpng\(dq and \(dqgif\(dq. For example, using a \fBTERMS_ETAG\fP of \(dq0\(dq, the structure could be the following: .INDENT 7.0 .IP \(bu 2 @@ -330,7 +326,7 @@ $TERMS_DIR/de/0.txt .TP .B TERMS_ETAG Basename of the file(s) in the \fBTERMS_DIR\fP with the current terms of service. -The value is also used for the “Etag” in the HTTP request to control +The value is also used for the \(dqEtag\(dq in the HTTP request to control caching. Whenever the terms of service change, the \fBTERMS_ETAG\fP MUST also change, and old values MUST NOT be repeated. For example, the date or version number of the terms of service SHOULD be used for the Etag. If @@ -346,37 +342,47 @@ Works the same as \fBTERMS_ETAG\fP, just for the privacy policy. .UNINDENT .SS EXCHANGE KYC PROVIDER OPTIONS .sp -The following options must be in the section “[kyc\-provider\-XXX]” sections. +The following options must be in the section \(dq[kyc\-provider\-$PROVIDER_NAME]\(dq sections. .INDENT 0.0 .TP -.B COST -Relative cost of the KYC provider, non\-negative number. -.TP .B LOGIC API type of the KYC provider. .TP -.B USER_TYPE -Type of user this provider is for, either INDIVIDUAL or BUSINESS. +.B CONVERTER +Name of a program to run on the output of the plugin +to convert the result into the desired set of attributes. +The converter must create a log for the system administrator +if the provided inputs do not match expectations. +Note that the converter will be expected to output the +set of attributes listed under the respective \fB[kyc\-check\-*]\fP +sections. Calling the converter with \fB\-\-list\-outputs\fP +should generate a (newline\-separated) list of attributes +the converter promises to generate in its JSON output +(when run regularly). .TP -.B PROVIDED_CHECKS -List of checks performed by this provider. Space\-separated names of checks, must match check names in legitimization rules. +.B COST +Optional cost, useful if clients want to voluntarily +trigger authentication procedures for attestation. .UNINDENT +.sp +Additional logic\-specific options may be given in the +section. .SS EXCHANGE KYC OAUTH2 OPTIONS .sp -The following options must be in the section “[kyc\-provider\-XXX]” sections with “LOGIC = oauth2”. +The following options must be in the section \(dq[kyc\-provider\-XXX]\(dq sections with \(dqLOGIC = oauth2\(dq. .INDENT 0.0 .TP .B KYC_OAUTH2_VALIDITY -Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”. +Duration (e.g. \(dq12 months\(dq) of the validity of the performed KYC check. Can be \(dqforever\(dq. .TP .B KYC_OAUTH2_AUTHORIZE_URL -URL of the OAuth2 endpoint to be used for KYC checks. The authorize URL is where the exchange will redirect the client to begin the authorization process. Example: “\fI\%http://localhost:8888/oauth/v2/authorize\fP”. To use the plugin in combination with the Challenger service’s \fB/setup\fP step, append “#setup”, thus “\fI\%https://challenger.example.com/authorize#setup\fP”. Here, “#setup” is not a fragment but merely a hint to the logic to determine the full authorization URL via the \fB/setup/$CLIENT_ID\fP handler. +URL of the OAuth2 endpoint to be used for KYC checks. The authorize URL is where the exchange will redirect the client to begin the authorization process. Example: \(dq\fI\%http://localhost:8888/oauth/v2/authorize\fP\(dq. To use the plugin in combination with the Challenger service\(aqs \fB/setup\fP step, append \(dq#setup\(dq, thus \(dq\fI\%https://challenger.example.com/authorize#setup\fP\(dq. Here, \(dq#setup\(dq is not a fragment but merely a hint to the logic to determine the full authorization URL via the \fB/setup/$CLIENT_ID\fP handler. .TP .B KYC_OAUTH2_TOKEN_URL -URL of the OAuth2 endpoint to be used for KYC checks. This is where the server will ultimately send the authorization token from the client and obtain its access token (which currently must be a “bearer” token). Example: “\fI\%http://localhost:8888/oauth/v2/token\fP” (or just “/token”) +URL of the OAuth2 endpoint to be used for KYC checks. This is where the server will ultimately send the authorization token from the client and obtain its access token (which currently must be a \(dqbearer\(dq token). Example: \(dq\fI\%http://localhost:8888/oauth/v2/token\fP\(dq (or just \(dq/token\(dq) .TP .B KYC_OAUTH2_INFO_URL -URL of the OAuth2\-protected resource endpoint, where the OAuth 2.0 token can be used to download information about the user that has undergone the KYC process. The exchange will use the access token obtained from the KYC_AUTH2_AUTH_URL to show that it is authorized to obtain the details. Example: “\fI\%http://localhost:8888/api/user/me\fP” or “\fI\%http://localhost:8888/oauth/v2/info\fP” +URL of the OAuth2\-protected resource endpoint, where the OAuth 2.0 token can be used to download information about the user that has undergone the KYC process. The exchange will use the access token obtained from the KYC_AUTH2_AUTH_URL to show that it is authorized to obtain the details. Example: \(dq\fI\%http://localhost:8888/api/user/me\fP\(dq or \(dq\fI\%http://localhost:8888/oauth/v2/info\fP\(dq .TP .B KYC_OAUTH2_CLIENT_ID Client ID of the exchange when it talks to the KYC OAuth2 endpoint. @@ -385,7 +391,7 @@ Client ID of the exchange when it talks to the KYC OAuth2 endpoint. Client secret of the exchange to use when talking to the KYC Oauth2 endpoint. .TP .B KYC_OAUTH2_POST_URL -URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process. Example: “\fI\%http://example.com/thank\-you\fP” +URL to which the exchange will redirect the client\(aqs browser after successful authorization/login for the KYC process. Example: \(dq\fI\%http://example.com/thank\-you\fP\(dq .TP .B KYC_OAUTH2_CONVERTER_HELPER Helper to convert JSON with KYC data returned by the OAuth2.0 info endpoint into GNU Taler internal format. Specific to the OAuth 2.0 provider. @@ -394,15 +400,15 @@ Helper to convert JSON with KYC data returned by the OAuth2.0 info endpoint into Set to YES to allow error responses to include potentially sensitive private information (such as full responses from the OAuth 2.0 server) that might aid in debugging -problems. Should be set to “NO” in production. +problems. Should be set to \(dqNO\(dq in production. .UNINDENT .SS EXCHANGE KYC KYCAID OPTIONS .sp -The following options must be in the section “[kyc\-provider\-XXX]” sections with “LOGIC = kycaid”. +The following options must be in the section \(dq[kyc\-provider\-XXX]\(dq sections with \(dqLOGIC = kycaid\(dq. .INDENT 0.0 .TP .B KYC_KYCAID_VALIDITY -Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”. +Duration (e.g. \(dq12 months\(dq) of the validity of the performed KYC check. Can be \(dqforever\(dq. .TP .B KYC_KYCAID_AUTH_TOKEN Authentication token to access the KYC service. @@ -411,15 +417,15 @@ Authentication token to access the KYC service. ID that specifies the form to use for the KYC process. .TP .B KYC_KYCAID_POST_URL -URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process. +URL to which the exchange will redirect the client\(aqs browser after successful authorization/login for the KYC process. .UNINDENT .SS EXCHANGE KYC PERSONA OPTIONS .sp -The following options must be in the section “[kyc\-provider\-XXX]” sections with “LOGIC = persona”. +The following options must be in the section \(dq[kyc\-provider\-XXX]\(dq sections with \(dqLOGIC = persona\(dq. .INDENT 0.0 .TP .B KYC_PERSONA_VALIDITY -Duration (e.g. “12 months”) of the validity of the performed KYC check. Can be “forever”. +Duration (e.g. \(dq12 months\(dq) of the validity of the performed KYC check. Can be \(dqforever\(dq. .TP .B KYC_PERSONA_AUTH_TOKEN Authentication token to access the KYC service. @@ -431,29 +437,194 @@ Salt value to use for request idempotency. Optional, generated at random per pro Subdomain to use under Persona. .TP .B KYC_PERSONA_CONVERTER_HELPER -Helper to convert JSON with KYC data returned by Persona into GNU Taler internal format. Should probably always be set to “taler\-exchange\-kyc\-persona\-converter.sh”. +Helper to convert JSON with KYC data returned by Persona into GNU Taler internal format. Should probably always be set to \(dqtaler\-exchange\-kyc\-persona\-converter.sh\(dq. .TP .B KYC_PERSONA_POST_URL -URL to which the exchange will redirect the client’s browser after successful authorization/login for the KYC process. +URL to which the exchange will redirect the client\(aqs browser after successful authorization/login for the KYC process. .TP .B KYC_PERSONA_TEMPLATE_ID ID of the Persona template to use. .UNINDENT .SS EXCHANGE KYC PERSONA GLOBAL OPTIONS .sp -The following option must be in the section “[kyclogic\-persona]”. +The following option must be in the section \(dq[kyclogic\-persona]\(dq. .INDENT 0.0 .TP .B WEBHOOK_AUTH_TOKEN Authentication token Persona must supply to our webhook. This is an optional setting. .UNINDENT +.SS EXCHANGE KYC CHECK OPTIONS +.sp +The following options must be in \(dq[kyc\-check\-$CHECK_NAME]\(dq sections. +.INDENT 0.0 +.TP +.B TYPE +Which type of check is this? Also determines +the SPA form to show to the user for this check. +.INDENT 7.0 +.IP \(bu 2 +INFO: wait for staff or contact staff out\-of band +(only information shown, no SPA action) +.IP \(bu 2 +FORM: SPA should show an inline (HTML) form +.IP \(bu 2 +LINK: SPA may start external KYC process or upload +.UNINDENT +.TP +.B VOLUNTARY +Optional. Set to YES to allow this check be +done voluntarily by a client (they may then +still have to pay for it). Used to offer the +SPA to display checks even if they are +not required. Default is NO. +.TP +.B PROVIDER_ID +Provider id, present only if type is LINK. +Refers to a \fBkyc\-provider\-$PROVIDER_ID\fP section. +.TP +.B FORM_NAME +Name of the SPA form, if type is FORM +\(dqINFO\(dq and \(dqLINK\(dq are reserved and must not be used. +The exchange server and the SPA must agree on a list +of supported forms and the resulting attributes. +The SPA should include a JSON resource file +\(dqforms.json\(dq mapping form names to arrays of +attribute names each form provides. +The list of possible FORM names is fixed in the SPA +for a particular exchange release. +.TP +.B DESCRIPTION +Descriptions to use in the SPA to display the check. +.TP +.B DESCRIPTION_I18N +JSON with internationalized descriptions to use +in the SPA to display the check. +.TP +.B REQUIRES +\(aq;\(aq\-separated list of fields that the CONTEXT must +provide as inputs to this check. For example, +for a FORM of type CHOICE, this might state +\fBchoices: string[];\fP\&. The type after the \(dq:\(dq +is for now purely for documentation and is +not checked. However, it may be shown to AML staff +when they configure measures. +.TP +.B OUTPUTS = business_name street city country registration +Description of the outputs provided by the check. +Basically, the check\(aqs output is expected to +provide the following fields as attribute inputs into +a subsequent AML program. +Only given for type FORM; INFO never has any outputs, +and for type LINK we can obtain the same information +from the CONVERTER via \fB\-\-list\-outputs\fP\&. +.TP +.B FALLBACK +Name of an \fBoriginal\fP measure to take if the check fails +(for any reason, e.g. provider or form fail to +satisfy constraints or provider signals user error) +Usually should point to a measure that requests +AML staff to investigate. The fallback measure +context always includes the reasons for the +failure. +.UNINDENT +.SS EXCHANGE KYC RULES +.sp +The following options must be in \(dq[kyc\-rule\-$RULE_NAME]\(dq sections. +.INDENT 0.0 +.TP +.B OPERATION_TYPE = WITHDRAW +Operation that triggers this rule. +Must be one of WITHDRAW, DEPOSIT, P2P\-RECEIVE +or WALLET\-BALANCE. +.TP +.B NEXT_MEASURES +Space\-separated list of next measures to be performed. +The SPA should display \fIall\fP of these measures to the user. +(They have a choice of either which ones, or in +which order they are to be performed.) +A special measure name \(dqverboten\(dq is used if the +specified threshold may never be crossed +(under this set of rules). +.TP +.B IS_AND_COMBINATOR +\(dqYES\(dq if all NEXT_MEASURES will eventually need +to be satisfied, \(dqNO\(dq the user has a choice between +them. Not actually enforced by the exchange, but +primarily used to inform the user whether this is +an \(dqand\(dq or \(dqor\(dq. YES for \(dqand\(dq. +.TP +.B EXPOSED +YES if the rule (specifically, operation type, +threshold, timeframe) and the general nature of +the next measure (verboten or approval required) +should be exposed to the client. +Defaults to NO if not set. +.TP +.B THRESHOLD +Threshold amount above which the rule is +triggered. The total must be exceeded in the given +timeframe. +.TP +.B TIMEFRAME +Timeframe over which the amount to be compared to +the THRESHOLD is calculated (for example, \(dq30 days\(dq). +Ignored for WALLET\-BALANCE. Can be \(aqforever\(aq. +.TP +.B ENABLED = NO +Set to YES to enable the rule (default is NO). +.UNINDENT +.SS EXCHANGE AML PROGRAMS +.sp +The following options must be in \(dq[aml\-program\-$PROG_NAME]\(dq sections. +.INDENT 0.0 +.TP +.B COMMAND +Name of the program to run. Must match a binary +on the local machine where the exchange is running. +.TP +.B DESCRIPTION +Human\-readable description of what this +AML helper program will do. Used to show +to the AML staff. +.TP +.B ENABLED +True if this AML program is enabled (and thus can be +used in measures and exposed to AML staff). +Optional, default is NO. +.TP +.B FALLBACK +Name of an \fBoriginal\fP measure to take if COMMAND fails +Usually points to a measure that asks AML staff +to contact the systems administrator. The fallback measure +context always includes the reasons for the +failure. +.UNINDENT +.SS EXCHANGE KYC MEASURES +.sp +The following options must be in \(dq[kyc\-measure\-$MEASURE_NAME]\(dq sections. These sections define the \fBoriginal\fP measures. +.INDENT 0.0 +.TP +.B CHECK_NAME +Name of a possible check for this measure. Optional. +If not given, PROGRAM should be run immediately +(on an empty set of attributes). +.TP +.B CONTEXT = {\(dqchoices\(dq:[\(dqindividual\(dq,\(dqbusiness\(dq]} +Context for the check. The context can be +just an empty JSON object if there is none. +.TP +.B PROGRAM +Program to run on the context and check data to +determine the outcome and next measure. +Refers to a \fB[aml\-program\-$PROG_NAME]\fP section name. +.UNINDENT .SS EXCHANGE EXTENSIONS OPTIONS .sp The functionality of the exchange can be extended by extensions. Those are shared libraries which implement the extension\-API of the exchange and are located under \fB$LIBDIR\fP, starting with prefix \fBlibtaler_extension_\fP\&. Each extension can be enabled by adding a dedicated section -“[exchange\-extension\-<extensionname>]” and the following option: +\(dq[exchange\-extension\-<extensionname>]\(dq and the following option: .INDENT 0.0 .TP .B ENABLED @@ -463,7 +634,7 @@ options might be set in the same section. .SS EXCHANGE EXTENSION FOR AGE RESTRICTION .sp The extension for age restriction support can be enabled by adding a section -“[exchange\-extension\-age_restriction]” with the following options: +\(dq[exchange\-extension\-age_restriction]\(dq with the following options: .INDENT 0.0 .TP .B ENABLE @@ -472,8 +643,8 @@ Must be set to \fBYES\fP in order to activate the extension. .B AGE_GROUPS A colon\-seperated string of increasing non\-negative integers, defining the buckets of age groups supported by the exchange. Each integer marks the -beginning of the next age group. The zero’th age group implicitly starts -with 0. For example, the string “10:18” would define three age groups: +beginning of the next age group. The zero\(aqth age group implicitly starts +with 0. For example, the string \(dq10:18\(dq would define three age groups: .INDENT 7.0 .INDENT 3.5 .INDENT 0.0 @@ -487,7 +658,7 @@ Group 2: ages 18 and above .UNINDENT .UNINDENT .sp -If not provided, the default value is “8:10:12:14:16:18:21”. +If not provided, the default value is \(dq8:10:12:14:16:18:21\(dq. .UNINDENT .sp \fBNote\fP: Age restriction is bound to specific denominations and must be @@ -496,7 +667,7 @@ the option \fBAGE_RESTRICTED = YES\fP, see \fI\%EXCHANGE COIN OPTIONS\fP\&. Howe age groups are defined globally for all denominations. .SS EXCHANGE OFFLINE SIGNING OPTIONS .sp -The following options must be in the section “[exchange\-offline]”. +The following options must be in the section \(dq[exchange\-offline]\(dq. .INDENT 0.0 .TP .B MASTER_PRIV_FILE @@ -523,7 +694,7 @@ this option will also be ignored. .UNINDENT .SS EXCHANGE RSA CRYPTO HELPER OPTIONS .sp -The following options must be in the section “[taler\-exchange\-secmod\-rsa]”. +The following options must be in the section \(dq[taler\-exchange\-secmod\-rsa]\(dq. .INDENT 0.0 .TP .B LOOKAHEAD_SIGN @@ -550,7 +721,7 @@ Note that the \fBtaler\-exchange\-secmod\-rsa\fP also evaluates the \fB[coin_*]\ configuration sections described below. .SS EXCHANGE CS CRYPTO HELPER OPTIONS .sp -The following options must be in the section “[taler\-exchange\-secmod\-cs]”. +The following options must be in the section \(dq[taler\-exchange\-secmod\-cs]\(dq. .INDENT 0.0 .TP .B LOOKAHEAD_SIGN @@ -577,7 +748,7 @@ Note that the \fBtaler\-exchange\-secmod\-cs\fP also evaluates the \fB[coin_*]\f configuration sections described below. .SS EXCHANGE EDDSA CRYPTO HELPER OPTIONS .sp -The following options must be in the section “[taler\-exchange\-secmod\-eddsa]”. +The following options must be in the section \(dq[taler\-exchange\-secmod\-eddsa]\(dq. .INDENT 0.0 .TP .B LOOKAHEAD_SIGN @@ -604,7 +775,7 @@ On which path should the security module listen for signing requests? .UNINDENT .SS EXCHANGE DATABASE OPTIONS .sp -The following options must be in the section “[exchangedb]”. +The following options must be in the section \(dq[exchangedb]\(dq. .INDENT 0.0 .TP .B IDLE_RESERVE_EXPIRATION_TIME @@ -665,7 +836,7 @@ URL of the wire gateway. Typically of the form \fBhttps://$HOSTNAME[:$PORT]/taler\-wire\-gateway/$USERNAME/\fP where $HOSTNAME is the hostname of the system running the bank (such as the Taler Python bank or the Nexus) and \fB$USERNAME\fP is -the username of the exchange’s bank account (usually matching +the username of the exchange\(aqs bank account (usually matching the \fBUSERNAME\fP option used for authentication). Example: \fBhttps://bank.demo.taler.net/taler\-wire\-gateway/Exchange/\fP\&. .TP @@ -720,12 +891,12 @@ What fee is charged for refunds? When a coin is refunded, the deposit fee is returned. Instead, the refund fee is charged to the customer. .TP .B CIPHER -What cryptosystem should be used? Must be set to either “CS” or “RSA”. +What cryptosystem should be used? Must be set to either \(dqCS\(dq or \(dqRSA\(dq. The respective crypto\-helper will then generate the keys for this denomination. .TP .B RSA_KEYSIZE -What is the RSA keysize modulos (in bits)? Only used if “CIPHER=RSA”. +What is the RSA keysize modulos (in bits)? Only used if \(dqCIPHER=RSA\(dq. .TP .B AGE_RESTRICTED Setting this option to \fBYES\fP marks the denomination as age restricted @@ -742,22 +913,22 @@ merchant backend. Plugin to use for the database, e.g._“postgres”. .TP .B SERVE -Should the HTTP server listen on a UNIX domain socket (set option to “unix”) or on a TCP socket (set option to “tcp”)? +Should the HTTP server listen on a UNIX domain socket (set option to \(dqunix\(dq) or on a TCP socket (set option to \(dqtcp\(dq)? .TP .B BASE_URL Which base URL should the merchant backend assume for itself in the protocol. Optional. If not given, the base URL will be constructed from X\-Forwarded\-Host, X\-Forwarded\-Port and X\-Forwarded\-Prefix headers that a reverse\-proxy should be setting. .TP .B UNIXPATH -Path to listen on if we “SERVE” is set to “unix”. +Path to listen on if we \(dqSERVE\(dq is set to \(dqunix\(dq. .TP .B UNIXPATH_MODE -Access permission mask to use for the “UNIXPATH”. +Access permission mask to use for the \(dqUNIXPATH\(dq. .TP .B PORT Port on which the HTTP server listens, e.g.\ 8080. .TP .B BIND_TO -Hostname to which the merchant HTTP server should be bound to, e.g. “localhost”. +Hostname to which the merchant HTTP server should be bound to, e.g. \(dqlocalhost\(dq. .TP .B LEGAL_PRESERVATION How long do we keep data in the database for tax audits after the @@ -792,7 +963,7 @@ Base URL of the exchange, e.g.\ “\fI\%https://exchange.demo.taler.net/\fP” .TP .B MASTER_KEY Crockford Base32 encoded master public key, public version of the -exchange’s long\-time offline signing key. Can be omitted, in that +exchange\(aqs long\-time offline signing key. Can be omitted, in that case the exchange will NOT be trusted unless it is audited by a known auditor. Omitting \fBMASTER_KEY\fP can be useful if we do not trust the exchange @@ -828,19 +999,19 @@ processes that do not have access to the (offline) auditor private key file. Base URL of the auditor, e.g.\ “\fI\%https://auditor.demo.taler.net/\fP” .TP .B SERVE -Should the HTTP server listen on a UNIX domain socket (set option to “unix”) or on a TCP socket (set option to “tcp”)? +Should the HTTP server listen on a UNIX domain socket (set option to \(dqunix\(dq) or on a TCP socket (set option to \(dqtcp\(dq)? .TP .B UNIXPATH -Path to listen on if we “SERVE” is set to “unix”. +Path to listen on if we \(dqSERVE\(dq is set to \(dqunix\(dq. .TP .B UNIXPATH_MODE -Access permission mask to use for the “UNIXPATH”. +Access permission mask to use for the \(dqUNIXPATH\(dq. .TP .B PORT Port on which the HTTP server listens, e.g.\ 8080. .TP .B BIND_TO -Hostname to which the merchant HTTP server should be bound to, e.g. “localhost”. +Hostname to which the merchant HTTP server should be bound to, e.g. \(dqlocalhost\(dq. .UNINDENT .SS AUDITOR POSTGRES BACKEND DATABASE OPTIONS .sp @@ -849,12 +1020,12 @@ The following options must be in section “[auditordb\-postgres]” if the .INDENT 0.0 .TP .B CONFIG -How to access the database, e.g.\ “postgres:///taler” to use the -“taler” database. Testcases use “talercheck”. +How to access the database, e.g.\ \(dqpostgres:///taler\(dq to use the +\(dqtaler\(dq database. Testcases use “talercheck”. .UNINDENT .SS Bank Options .sp -The following options must be in section “[bank]” for the taler\-fakebank\-run(1) command. They are not used by the exchange or LibEuFin! +The following options must be in section \(dq[bank]\(dq for the taler\-fakebank\-run(1) command. They are not used by the exchange or LibEuFin! .INDENT 0.0 .TP .B HTTP_PORT @@ -878,28 +1049,28 @@ Program to run while not vending, possibly useful to show advertisements on the ESSID to advertise to wallets for use as an open WiFi to make payments (optional). .TP .B FULFILLMENT_MSG -Message shown to users by their wallets upon successful payment. If “${PRODUCT_DESCRIPTION}” appears in the message, it will be replaced with the description of the product that was sold. +Message shown to users by their wallets upon successful payment. If \(dq${PRODUCT_DESCRIPTION}\(dq appears in the message, it will be replaced with the description of the product that was sold. .TP .B BACKEND_BASE_URL Base URL (possibly including instance) for the Taler merchant backend used to process payments. .TP .B BACKEND_AUTHORIZATION -Full HTTP “Authorization” header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Mandatory. +Full HTTP \(dqAuthorization\(dq header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Mandatory. .TP .B FRAMEBUFFER_BACKLIGHT -Name of the file used to control brightness of the display. Optional. Defaults to “/sys/class/backlight/soc:backlight/brightness” if not given. +Name of the file used to control brightness of the display. Optional. Defaults to \(dq/sys/class/backlight/soc:backlight/brightness\(dq if not given. .TP .B FRAMEBUFFER_DEVICE -Name of the framebuffer device to use. Defaults to “/dev/fb1” if not given. +Name of the framebuffer device to use. Defaults to \(dq/dev/fb1\(dq if not given. .TP .B UART_DEVICE -Name of the UART device to use. Defaults to “/dev/ttyAMA0” if not given. +Name of the UART device to use. Defaults to \(dq/dev/ttyAMA0\(dq if not given. .TP .B FAIL_COMMAND Command to run to display a failure to the user. If not given, errors will not be properly shown. .UNINDENT .sp -Each products being sold must be configured in a section where the name starts with “product\-“. +Each products being sold must be configured in a section where the name starts with \(dqproduct\-\(dq. In these sections, the options that must be provided are: .INDENT 0.0 .TP @@ -907,22 +1078,22 @@ In these sections, the options that must be provided are: Number identifying the slot in the vending machine that corresponds to this product. .TP .B INSTANCE -Instance to use for the payment. Optional. If not given, the BACKEND_BASE_URL from “[taler\-mdb]” will be used. +Instance to use for the payment. Optional. If not given, the BACKEND_BASE_URL from \(dq[taler\-mdb]\(dq will be used. .TP .B BACKEND_AUTHORIZATION -Full HTTP “Authorization” header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Optional, will use global BACKEND_AUTHORIZATION setting from “[taler\-mdb]” if missing. +Full HTTP \(dqAuthorization\(dq header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Optional, will use global BACKEND_AUTHORIZATION setting from \(dq[taler\-mdb]\(dq if missing. .TP .B DESCRIPTION -Human\-readable description of the product. Use “empty” if the product is known to be sold out (only effective if selling out is enabled via command\-line). +Human\-readable description of the product. Use \(dqempty\(dq if the product is known to be sold out (only effective if selling out is enabled via command\-line). .TP .B PRICE -Actual price of the product, as a Taler amount (“$CURRENCY:$VALUE.$FRACTION”). +Actual price of the product, as a Taler amount (\(dq$CURRENCY:$VALUE.$FRACTION\(dq). .TP .B KEY Key used to select the product from the console during testing. Optional. .TP .B THUMBNAIL -Name of a filename with a preview image of the product to be given to the wallet. Optional. Only “.png”, “.jpg”, “.jpeg” and “.svg” are supported at this time. +Name of a filename with a preview image of the product to be given to the wallet. Optional. Only \(dq.png\(dq, \(dq.jpg\(dq, \(dq.jpeg\(dq and \(dq.svg\(dq are supported at this time. .UNINDENT .SH SEE ALSO .sp diff --git a/texinfo/challenger-figures/challenger.png b/texinfo/challenger-figures/challenger.png Binary files differindex 3005af0e..d4d488c7 100644 --- a/texinfo/challenger-figures/challenger.png +++ b/texinfo/challenger-figures/challenger.png diff --git a/texinfo/challenger.texi b/texinfo/challenger.texi index 75e90760..9dd4654f 100644 --- a/texinfo/challenger.texi +++ b/texinfo/challenger.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -453,7 +453,11 @@ For Ubuntu Mantic use this instead: deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ mantic taler-mantic @end example -The last line is crucial, as it adds the GNU Taler packages. +For Ubuntu Noble use this instead: + +@example +deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ noble taler-noble +@end example Next, you must import the Taler Systems SA public package signing key into your keyring and update the package lists: @@ -600,16 +604,11 @@ variables that are unset, by using the following syntax: @code{$@{VAR:-default@}}. There are two ways a user can set the value of @code{$}-prefixable variables: -@quotation - @enumerate @item by defining them under a @code{[paths]} section: -@end enumerate - -@quotation @example [paths] @@ -618,22 +617,14 @@ TALER_DEPLOYMENT_SHARED = $@{HOME@}/shared-data [section-x] path-x = $@{TALER_DEPLOYMENT_SHARED@}/x @end example -@end quotation - - -@enumerate 2 @item or by setting them in the environment: -@end enumerate - -@quotation @example $ export VAR=/x @end example -@end quotation -@end quotation +@end enumerate The configuration loader will give precedence to variables set under @code{[path]} over environment variables. @@ -655,8 +646,6 @@ for generating configuration files under @code{deployment/netzbon/}. Each challenger service is designed to validate one type of address. Possible address types include: -@quotation - @itemize * @@ -669,7 +658,6 @@ e-mail addresses (via SMTP) @item mail addresses (via postal service) @end itemize -@end quotation In principle, additional types of addresses can easily be added by extending the respective HTML and programs to send challenges to the new address type. @@ -677,8 +665,6 @@ the respective HTML and programs to send challenges to the new address type. To make different types of address validations possible, the Challenger configuration contains two configuration options. -@quotation - @enumerate @@ -696,7 +682,6 @@ address is given to this subcommand as the first argument (@code{$1}), while the text with the challenge is passed to standard input. The subcommand should terminate with a status code of 0 on success. @end enumerate -@end quotation @float LiteralBlock @@ -722,15 +707,12 @@ the SMS and postal mail scripts before they can function. In any case, these scripts should be primarily seen as `examples' on how to write authentication commands. -@quotation - -..note: - -@example +@cartouche +@quotation Note We strongly welcome contributions for additional scripts with alternative providers or for new types of addresses. -@end example @end quotation +@end cartouche @node Legal conditions for using the service,Terms of Service,Fundamental Setup Address validation,Configuration Fundamentals @anchor{taler-challenger-manual legal-conditions-for-using-the-service}@anchor{10} @@ -1030,18 +1012,20 @@ to be initialized with the following command: @example [root@@exchange-online]# sudo -u challenger-httpd challenger-dbinit - -..note:: - - To run this command, the user must have `@w{`}CREATE TABLE`@w{`}, `@w{`}CREATE - INDEX`@w{`}, `@w{`}ALTER TABLE`@w{`} and (in the future possibly even) `@w{`}DROP TABLE`@w{`} - permissions. Those permissions are only required for this step (which may - have to be repeated when upgrading a deployment). Afterwards, during - normal operation, permissions to `@w{`}CREATE`@w{`} or `@w{`}ALTER`@w{`} tables are not - required by Challenger and thus should not be granted. For more - information, see :doc:`manpages/challenger-dbinit.1`. @end example +@cartouche +@quotation Note +To run this command, the user must have @code{CREATE TABLE}, @code{CREATE +INDEX}, @code{ALTER TABLE} and (in the future possibly even) @code{DROP TABLE} +permissions. Those permissions are only required for this step (which may +have to be repeated when upgrading a deployment). Afterwards, during +normal operation, permissions to @code{CREATE} or @code{ALTER} tables are not +required by Challenger and thus should not be granted. For more +information, see manpages/challenger-dbinit.1. +@end quotation +@end cartouche + @node Deployment,Template Customization,Configuration Fundamentals,Top @anchor{taler-challenger-manual deployment}@anchor{19} @chapter Deployment @@ -1162,18 +1146,15 @@ Before clients can use Challenger, they must be explicitly configured. Each client is identified via its OAuth 2.0 REDIRECT URI. Thus, a client must have exactly one REDIRECT URI -@quotation - -..note: - -@example +@cartouche +@quotation Note The OAuth 2.0 specification allows for a client to register zero or multiple REDIRECT URIs. However, zero is insecure as it creates an open redirector, and multiple REDIRECT URIs can trivially be implemented with Challenger by adding more clients. -@end example @end quotation +@end cartouche You can add or remove clients at any time; the Challenger service does not need to be running, but if it is you can still add or remove clients without @@ -1206,17 +1187,14 @@ info endpoints. For Challenger, these are @code{/authorize}, @code{/token} and @code{/authorize/$NONCE} where @code{$NONCE} is a nonce that must be first requested by the client using the @code{/setup/$CLIENT_ID} endpoint! -@quotation - -..note: - -@example +@cartouche +@quotation Note This extra step prevents user-agents from (ab)using the Challenger service to send challenges to addresses even when there is no authorized client that desires address validation. This is an important feature as address validation could be expensive. -@end example @end quotation +@end cartouche Thus, to generate the authorization URL, a client must first POST to @code{/setup/$CLIENT_ID} using their client secret in an @code{Authorization: Bearer $SECRET} @@ -1251,15 +1229,12 @@ KYC_OAUTH2_CLIENT_SECRET = "$SECRET" @section Database management -@quotation - @cartouche @quotation Note We advise to make good backups before experimenting with the database. @end quotation @end cartouche -@end quotation To update the Challenger database after upgrading to a newer version of Challenger, you should simply re-run @code{challenger-dbinit}. @@ -1293,7 +1268,7 @@ being lost. The Challenger service comes with various HTML templates that are shown to -guide users through the process. Challenger uses Mustach@footnote{https://gitlab.com/jbol/mustach} as the templating engine. This section +guide users through the process. Challenger uses C implementation of mustache@footnote{https://gitlab.com/jobol/mustach} as the templating engine. This section describes the various templates. In general, the templates must be installed to the @code{share/challenger/templates/} directory. The file names must be of the form @code{$NAME.$LANG.must} where @code{$NAME} is the name of the template and @@ -1316,7 +1291,7 @@ subsection title is the @code{$NAME} of the respective template. @end menu @node enter-$ADDRESS_TYPE-form,enter-tan-form,,Template Customization -@anchor{taler-challenger-manual enter-address-type-form}@anchor{24} +@anchor{taler-challenger-manual challenger-enter-address-type-form}@anchor{24}@anchor{taler-challenger-manual enter-address-type-form}@anchor{25} @section enter-$ADDRESS_TYPE-form @@ -1330,13 +1305,19 @@ file) is also supported. The template is instantiated using the following information: -@quotation - @itemize * @item -restrictions: Object; map of keys (names of the fields of the address to be entered by the user) to objects with a “regex” (string) containing an extended Posix regular expression for allowed address field values, and a “hint”/”hint_i18n” giving a human-readable explanation to display if the value entered by the user does not match the regex. Keys that are not mapped to such an object have no restriction on the value provided by the user. See “ADDRESS_RESTRICTIONS” in the challenger configuration. +restrictions: Object; map of keys (names of the fields of the +address to be entered by the user) to objects with a “regex” +(string) containing an extended Posix regular expression for +allowed address field values, and a “hint”/”hint_i18n” giving +a human-readable explanation to display if the value entered +by the user does not match the regex. Keys that are not mapped +to such an object have no restriction on the value provided by +the user. See “ADDRESS_RESTRICTIONS” in the challenger +configuration. @item fix_address: boolean; indicates if the given address cannot be changed @@ -1354,10 +1335,9 @@ details depend on the @code{ADDRESS_TYPE}, should be used to pre-populate the fo changes_left: Integer; number of times the address can still be changed, may or may not be shown to the user @end itemize -@end quotation @node enter-tan-form,invalid-pin,enter-$ADDRESS_TYPE-form,Template Customization -@anchor{taler-challenger-manual enter-tan-form}@anchor{25} +@anchor{taler-challenger-manual challenger-enter-tan-form}@anchor{26}@anchor{taler-challenger-manual enter-tan-form}@anchor{27} @section enter-tan-form @@ -1366,8 +1346,6 @@ that they received at the respective address. The template is instantiated using the following information: -@quotation - @itemize * @@ -1393,10 +1371,9 @@ again this time; might make a useful hint to the user next_tx_time: String; timestamp explaining when we would re-transmit the challenge the next time (at the earliest) if requested by the user @end itemize -@end quotation @node invalid-pin,validation-unknown,enter-tan-form,Template Customization -@anchor{taler-challenger-manual invalid-pin}@anchor{26} +@anchor{taler-challenger-manual challenger-invalid-pin}@anchor{28}@anchor{taler-challenger-manual invalid-pin}@anchor{29} @section invalid-pin @@ -1404,8 +1381,6 @@ The user has provided an invalid TAN code (HTTP 403 Forbidden). The template is instantiated using the following information: -@quotation - @itemize * @@ -1431,12 +1406,14 @@ auth_attempts_left: Integer; how many times might the user still try entering the PIN code @item -exhausted: Bool; if true, the PIN was not even evaluated as the user previously exhausted the number of attempts +exhausted: Bool; if true, the PIN was not even evaluated as the user +previously exhausted the number of attempts @item -no_challenge: Bool; if true, the PIN was not even evaluated as no challenge was ever issued (the user must have skipped the step of providing their address first!) +no_challenge: Bool; if true, the PIN was not even evaluated as no +challenge was ever issued (the user must have skipped the step of +providing their address first!) @end itemize -@end quotation If both `pin_transmissions_left' and `auth_attempts_left' are zero, the link to re-enter the PIN should be hidden and the user should only be allowed to @@ -1445,7 +1422,7 @@ values are zero. (Thus there is always at least one valid choice when the form is shown.) @node validation-unknown,invalid-request,invalid-pin,Template Customization -@anchor{taler-challenger-manual validation-unknown}@anchor{27} +@anchor{taler-challenger-manual challenger-validation-unknown}@anchor{2a}@anchor{taler-challenger-manual validation-unknown}@anchor{2b} @section validation-unknown @@ -1454,8 +1431,6 @@ backend (HTTP 404 Not Found). The template is instantiated using the following information: -@quotation - @itemize * @@ -1471,10 +1446,9 @@ user to understand the error detail: String; optional, extended human-readable text provided to elaborate on the error, should be shown to provide additional context @end itemize -@end quotation @node invalid-request,internal-error,validation-unknown,Template Customization -@anchor{taler-challenger-manual invalid-request}@anchor{28} +@anchor{taler-challenger-manual challenger-invalid-request}@anchor{2c}@anchor{taler-challenger-manual invalid-request}@anchor{2d} @section invalid-request @@ -1482,8 +1456,6 @@ The request of the client is invalid (HTTP 400 Bad Request). The template is instantiated using the following information: -@quotation - @itemize * @@ -1499,10 +1471,9 @@ user to understand the error detail: String; optional, extended human-readable text provided to elaborate on the error, should be shown to provide additional context @end itemize -@end quotation @node internal-error,,invalid-request,Template Customization -@anchor{taler-challenger-manual internal-error}@anchor{29} +@anchor{taler-challenger-manual challenger-internal-error}@anchor{2e}@anchor{taler-challenger-manual internal-error}@anchor{2f} @section internal-error @@ -1510,8 +1481,6 @@ The service experienced an internal error (HTTP 500 Internal Server Error). The template is instantiated using the following information: -@quotation - @itemize * @@ -1527,7 +1496,6 @@ user to understand the error detail: String; optional, extended human-readable text provided to elaborate on the error, should be shown to provide additional context @end itemize -@end quotation @c %**end of body @bye diff --git a/texinfo/taler-auditor.texi b/texinfo/taler-auditor.texi index 92fee90d..7a83c089 100644 --- a/texinfo/taler-auditor.texi +++ b/texinfo/taler-auditor.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -587,7 +587,11 @@ For Ubuntu Mantic use this instead: deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ mantic taler-mantic @end example -The last line is crucial, as it adds the GNU Taler packages. +For Ubuntu Noble use this instead: + +@example +deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ noble taler-noble +@end example Next, you must import the Taler Systems SA public package signing key into your keyring and update the package lists: @@ -802,16 +806,11 @@ variables that are unset, by using the following syntax: @code{$@{VAR:-default@}}. There are two ways a user can set the value of @code{$}-prefixable variables: -@quotation - @enumerate @item by defining them under a @code{[paths]} section: -@end enumerate - -@quotation @example [paths] @@ -820,22 +819,14 @@ TALER_DEPLOYMENT_SHARED = $@{HOME@}/shared-data [section-x] path-x = $@{TALER_DEPLOYMENT_SHARED@}/x @end example -@end quotation - - -@enumerate 2 @item or by setting them in the environment: -@end enumerate - -@quotation @example $ export VAR=/x @end example -@end quotation -@end quotation +@end enumerate The configuration loader will give precedence to variables set under @code{[path]} over environment variables. diff --git a/texinfo/taler-developer-manual-figures/arch-api.png b/texinfo/taler-developer-manual-figures/arch-api.png Binary files differindex 9e593ab4..68e30822 100644 --- a/texinfo/taler-developer-manual-figures/arch-api.png +++ b/texinfo/taler-developer-manual-figures/arch-api.png diff --git a/texinfo/taler-developer-manual.texi b/texinfo/taler-developer-manual.texi index 1d333657..e778c351 100644 --- a/texinfo/taler-developer-manual.texi +++ b/texinfo/taler-developer-manual.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -74,7 +74,6 @@ and related components. It is not intended for a general audience. * Project Overview:: * Fundamentals:: * Debian and Ubuntu Repositories:: -* Language-Specific Guidelines:: * Taler Deployment on gv.taler.net: Taler Deployment on gv taler net. * Demo Upgrade Procedure:: * Environments and Builders on taler.net: Environments and Builders on taler net. @@ -489,7 +488,7 @@ Commit the submodule change, and push it to the Taler exchange Git repo. A similar procedure is required for other databases in GANA. See file @code{README} in the various directories for specific instructions. -@node Debian and Ubuntu Repositories,Language-Specific Guidelines,Fundamentals,Top +@node Debian and Ubuntu Repositories,Taler Deployment on gv taler net,Fundamentals,Top @anchor{taler-developer-manual debian-and-ubuntu-repositories}@anchor{e} @chapter Debian and Ubuntu Repositories @@ -520,20 +519,8 @@ $ echo "deb https://deb.taler.net/apt-nightly bullseye-taler-nightly main" > /et $ wget -O - https://taler.net/taler-systems-nightly.gpg.key | apt-key add - @end example -@node Language-Specific Guidelines,Taler Deployment on gv taler net,Debian and Ubuntu Repositories,Top -@anchor{taler-developer-manual language-specific-guidelines}@anchor{10} -@chapter Language-Specific Guidelines - - - -@itemize * - -@item -Python Guidelines -@end itemize - -@node Taler Deployment on gv taler net,Demo Upgrade Procedure,Language-Specific Guidelines,Top -@anchor{taler-developer-manual taler-deployment-on-gv-taler-net}@anchor{11} +@node Taler Deployment on gv taler net,Demo Upgrade Procedure,Debian and Ubuntu Repositories,Top +@anchor{taler-developer-manual taler-deployment-on-gv-taler-net}@anchor{10} @chapter Taler Deployment on gv.taler.net @@ -550,7 +537,7 @@ your primary team contact for shell access if you think you need it. @end menu @node DNS,User Acccounts,,Taler Deployment on gv taler net -@anchor{taler-developer-manual dns}@anchor{12} +@anchor{taler-developer-manual dns}@anchor{11} @section DNS @@ -559,7 +546,7 @@ specifically Christian and Florian, and our system administrator, Javier. If you need a sub-domain to be added, please contact one of them. @node User Acccounts,,DNS,Taler Deployment on gv taler net -@anchor{taler-developer-manual user-acccounts}@anchor{13} +@anchor{taler-developer-manual user-acccounts}@anchor{12} @section User Acccounts @@ -582,7 +569,7 @@ automatically built. @end itemize @node Demo Upgrade Procedure,Environments and Builders on taler net,Taler Deployment on gv taler net,Top -@anchor{taler-developer-manual demo-upgrade-procedure}@anchor{14} +@anchor{taler-developer-manual demo-upgrade-procedure}@anchor{13} @chapter Demo Upgrade Procedure @@ -639,7 +626,7 @@ Docker Compose. @end menu @node Cheat sheet,Tagging components,,Demo Upgrade Procedure -@anchor{taler-developer-manual cheat-sheet}@anchor{15} +@anchor{taler-developer-manual cheat-sheet}@anchor{14} @section Cheat sheet @@ -663,7 +650,7 @@ $ docker-compose logs @end example @node Tagging components,GNU Taler Demo Upgrade Checklist,Cheat sheet,Demo Upgrade Procedure -@anchor{taler-developer-manual tagging-components}@anchor{16} +@anchor{taler-developer-manual tagging-components}@anchor{15} @section Tagging components @@ -679,7 +666,7 @@ SS = serial @end example @node GNU Taler Demo Upgrade Checklist,,Tagging components,Demo Upgrade Procedure -@anchor{taler-developer-manual gnu-taler-demo-upgrade-checklist}@anchor{17} +@anchor{taler-developer-manual gnu-taler-demo-upgrade-checklist}@anchor{16} @section GNU Taler Demo Upgrade Checklist @@ -698,7 +685,7 @@ SS = serial @end menu @node Domains,Post-upgrade checks,,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual domains}@anchor{18} +@anchor{taler-developer-manual domains}@anchor{17} @subsection Domains @@ -707,7 +694,7 @@ the same sandcastle demo can also be hosted at other domains. The same instructions should apply. @node Post-upgrade checks,Wallets,Domains,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual post-upgrade-checks}@anchor{19} +@anchor{taler-developer-manual post-upgrade-checks}@anchor{18} @subsection Post-upgrade checks @@ -723,7 +710,7 @@ taler-wallet-cli api 'runIntegrationTestV2' '@{"exchangeBaseUrl":"https://exchan @end itemize @node Wallets,Basics,Post-upgrade checks,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual wallets}@anchor{1a} +@anchor{taler-developer-manual wallets}@anchor{19} @subsection Wallets @@ -749,7 +736,7 @@ iOS: Apple Store / Testflight @end itemize @node Basics,Exchange AML SPA,Wallets,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual basics}@anchor{1b} +@anchor{taler-developer-manual basics}@anchor{1a} @subsection Basics @@ -815,7 +802,7 @@ iOS: Apple Store / Testflight @end itemize @node Exchange AML SPA,Blog demo,Basics,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual exchange-aml-spa}@anchor{1c} +@anchor{taler-developer-manual exchange-aml-spa}@anchor{1b} @subsection Exchange AML SPA @@ -848,7 +835,7 @@ iOS: Apple Store / Testflight @end itemize @node Blog demo,Donation demo,Exchange AML SPA,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual blog-demo}@anchor{1d} +@anchor{taler-developer-manual blog-demo}@anchor{1c} @subsection Blog demo @@ -907,7 +894,7 @@ redirects to the article without spending more money. @end itemize @node Donation demo,Merchant SPA,Blog demo,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual donation-demo}@anchor{1e} +@anchor{taler-developer-manual donation-demo}@anchor{1d} @subsection Donation demo @@ -936,7 +923,7 @@ fulfillment page. @end itemize @node Merchant SPA,P2P payments,Donation demo,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual merchant-spa}@anchor{1f} +@anchor{taler-developer-manual merchant-spa}@anchor{1e} @subsection Merchant SPA @@ -1044,7 +1031,7 @@ fulfillment page. @end itemize @node P2P payments,Shutdown,Merchant SPA,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual p2p-payments}@anchor{20} +@anchor{taler-developer-manual p2p-payments}@anchor{1f} @subsection P2P payments @@ -1074,7 +1061,7 @@ fulfillment page. @end itemize @node Shutdown,,P2P payments,GNU Taler Demo Upgrade Checklist -@anchor{taler-developer-manual shutdown}@anchor{21} +@anchor{taler-developer-manual shutdown}@anchor{20} @subsection Shutdown @@ -1110,7 +1097,7 @@ fulfillment page. @end itemize @node Environments and Builders on taler net,QA Plans,Demo Upgrade Procedure,Top -@anchor{taler-developer-manual environments-and-builders-on-taler-net}@anchor{22} +@anchor{taler-developer-manual environments-and-builders-on-taler-net}@anchor{21} @chapter Environments and Builders on taler.net @@ -1127,7 +1114,7 @@ fulfillment page. @end menu @node Buildbot implementation,Test builder,,Environments and Builders on taler net -@anchor{taler-developer-manual buildbot-implementation}@anchor{23} +@anchor{taler-developer-manual buildbot-implementation}@anchor{22} @section Buildbot implementation @@ -1172,7 +1159,7 @@ Create a worker from a shell account with this command: @code{buildbot-worker cr Then make sure there is a WORKER defined in master.cfg like: @code{worker.Worker("<username>", "<password>")} @node Test builder,Wallet builder,Buildbot implementation,Environments and Builders on taler net -@anchor{taler-developer-manual test-builder}@anchor{24} +@anchor{taler-developer-manual test-builder}@anchor{23} @section Test builder @@ -1194,7 +1181,7 @@ the mentioned unit file can be found at @code{deployment.git/systemd-services/} @end cartouche @node Wallet builder,Documentation Builder,Test builder,Environments and Builders on taler net -@anchor{taler-developer-manual wallet-builder}@anchor{25} +@anchor{taler-developer-manual wallet-builder}@anchor{24} @section Wallet builder @@ -1216,7 +1203,7 @@ the mentioned unit file can be found at @code{deployment.git/systemd-services/} @end cartouche @node Documentation Builder,Website Builder,Wallet builder,Environments and Builders on taler net -@anchor{taler-developer-manual documentation-builder}@anchor{26} +@anchor{taler-developer-manual documentation-builder}@anchor{25} @section Documentation Builder @@ -1238,7 +1225,7 @@ $ buildbot-worker start worker/ @end example @node Website Builder,Code coverage,Documentation Builder,Environments and Builders on taler net -@anchor{taler-developer-manual website-builder}@anchor{27} +@anchor{taler-developer-manual website-builder}@anchor{26} @section Website Builder @@ -1260,7 +1247,7 @@ $ buildbot-worker start worker/ @end example @node Code coverage,Producing auditor reports,Website Builder,Environments and Builders on taler net -@anchor{taler-developer-manual code-coverage}@anchor{28} +@anchor{taler-developer-manual code-coverage}@anchor{27} @section Code coverage @@ -1283,7 +1270,7 @@ $ buildbot-worker start worker/ The results are then published at @code{https://lcov.taler.net/}. @node Producing auditor reports,Database schema versioning,Code coverage,Environments and Builders on taler net -@anchor{taler-developer-manual producing-auditor-reports}@anchor{29} +@anchor{taler-developer-manual producing-auditor-reports}@anchor{28} @section Producing auditor reports @@ -1304,7 +1291,7 @@ $ buildbot-worker start worker/ @end example @node Database schema versioning,,Producing auditor reports,Environments and Builders on taler net -@anchor{taler-developer-manual database-schema-versioning}@anchor{2a}@anchor{taler-developer-manual databaseversioning}@anchor{5} +@anchor{taler-developer-manual database-schema-versioning}@anchor{29}@anchor{taler-developer-manual databaseversioning}@anchor{5} @section Database schema versioning @@ -1320,7 +1307,7 @@ Developers and operators MUST NOT make changes to database schema outside of this versioning. All tables of a GNU Taler component should live in their own schema. @node QA Plans,Releases,Environments and Builders on taler net,Top -@anchor{taler-developer-manual qa-plans}@anchor{2b} +@anchor{taler-developer-manual qa-plans}@anchor{2a} @chapter QA Plans @@ -1330,7 +1317,7 @@ outside of this versioning. All tables of a GNU Taler component should live in @end menu @node Taler 0 9 4 QA Plan,,,QA Plans -@anchor{taler-developer-manual taler-0-9-4-qa-plan}@anchor{2c} +@anchor{taler-developer-manual taler-0-9-4-qa-plan}@anchor{2b} @section Taler 0.9.4 QA Plan @@ -1350,7 +1337,7 @@ outside of this versioning. All tables of a GNU Taler component should live in @end menu @node Wallet Platforms,Running Deployments,,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual wallet-platforms}@anchor{2d} +@anchor{taler-developer-manual wallet-platforms}@anchor{2c} @subsection Wallet Platforms @@ -1403,7 +1390,7 @@ iOS @end itemize @node Running Deployments,Wallet Flows,Wallet Platforms,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual running-deployments}@anchor{2e} +@anchor{taler-developer-manual running-deployments}@anchor{2d} @subsection Running Deployments @@ -1437,7 +1424,7 @@ regio-taler.fdold.eu @end itemize @node Wallet Flows,libeufin-bank Flows,Running Deployments,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual wallet-flows}@anchor{2f} +@anchor{taler-developer-manual wallet-flows}@anchor{2e} @subsection Wallet Flows @@ -1524,10 +1511,21 @@ Reloading exchange keys @item Deleting an exchange @end itemize + +@item +Offline handling + + +@itemize * + +@item +Check error messages for other flows when internet connectivity +is bad or device is completely offline. +@end itemize @end itemize @node libeufin-bank Flows,Merchant Backend SPA Flows,Wallet Flows,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual libeufin-bank-flows}@anchor{30} +@anchor{taler-developer-manual libeufin-bank-flows}@anchor{2f} @subsection libeufin-bank Flows @@ -1594,7 +1592,7 @@ Lower cash-out limit enforced @end itemize @node Merchant Backend SPA Flows,Regio Deployment,libeufin-bank Flows,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual merchant-backend-spa-flows}@anchor{31} +@anchor{taler-developer-manual merchant-backend-spa-flows}@anchor{30} @subsection Merchant Backend SPA Flows @@ -1685,7 +1683,7 @@ Delete template @end itemize @node Regio Deployment,Android Merchant PoS,Merchant Backend SPA Flows,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual regio-deployment}@anchor{32} +@anchor{taler-developer-manual regio-deployment}@anchor{31} @subsection Regio Deployment @@ -1738,7 +1736,7 @@ Check logs @end itemize @node Android Merchant PoS,Android Cashier App,Regio Deployment,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual android-merchant-pos}@anchor{33} +@anchor{taler-developer-manual android-merchant-pos}@anchor{32} @subsection Android Merchant PoS @@ -1750,7 +1748,7 @@ Test against demo.taler.net @end itemize @node Android Cashier App,CI,Android Merchant PoS,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual android-cashier-app}@anchor{34} +@anchor{taler-developer-manual android-cashier-app}@anchor{33} @subsection Android Cashier App @@ -1762,7 +1760,7 @@ Test against demo.taler.net @end itemize @node CI,Debian Repository,Android Cashier App,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual ci}@anchor{35} +@anchor{taler-developer-manual ci}@anchor{34} @subsection CI @@ -1777,7 +1775,7 @@ CI should pass @end itemize @node Debian Repository,GNU Release,CI,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual debian-repository}@anchor{36} +@anchor{taler-developer-manual debian-repository}@anchor{35} @subsection Debian Repository @@ -1812,7 +1810,7 @@ supported codename(s): mantic @end itemize @node GNU Release,,Debian Repository,Taler 0 9 4 QA Plan -@anchor{taler-developer-manual gnu-release}@anchor{37} +@anchor{taler-developer-manual gnu-release}@anchor{36} @subsection GNU Release @@ -1827,7 +1825,7 @@ FTP upload @end itemize @node Releases,Continuous integration,QA Plans,Top -@anchor{taler-developer-manual releases}@anchor{38} +@anchor{taler-developer-manual releases}@anchor{37} @chapter Releases @@ -1844,7 +1842,7 @@ FTP upload @end menu @node GNU Taler Release Checklist,Release Process,,Releases -@anchor{taler-developer-manual gnu-taler-release-checklist}@anchor{39} +@anchor{taler-developer-manual gnu-taler-release-checklist}@anchor{38} @section GNU Taler Release Checklist @@ -2221,7 +2219,7 @@ Release announcement: @end itemize @node Release Process,Tagging,GNU Taler Release Checklist,Releases -@anchor{taler-developer-manual release-process}@anchor{3a} +@anchor{taler-developer-manual release-process}@anchor{39} @section Release Process @@ -2256,7 +2254,7 @@ wallet-core (wallet-core.git) @end itemize @node Tagging,Database for tests,Release Process,Releases -@anchor{taler-developer-manual tagging}@anchor{3b} +@anchor{taler-developer-manual tagging}@anchor{3a} @section Tagging @@ -2268,7 +2266,7 @@ $ git push origin v0.1.0 @end example @node Database for tests,Exchange merchant,Tagging,Releases -@anchor{taler-developer-manual database-for-tests}@anchor{3c} +@anchor{taler-developer-manual database-for-tests}@anchor{3b} @section Database for tests @@ -2285,7 +2283,7 @@ secured from unauthorized access. @end cartouche @node Exchange merchant,Wallet WebExtension,Database for tests,Releases -@anchor{taler-developer-manual exchange-merchant}@anchor{3d} +@anchor{taler-developer-manual exchange-merchant}@anchor{3c} @section Exchange, merchant @@ -2344,7 +2342,7 @@ $ make install check @end example @node Wallet WebExtension,Upload to GNU mirrors,Exchange merchant,Releases -@anchor{taler-developer-manual wallet-webextension}@anchor{3e} +@anchor{taler-developer-manual wallet-webextension}@anchor{3d} @section Wallet WebExtension @@ -2358,7 +2356,7 @@ $ make dist @end example @node Upload to GNU mirrors,Creating Debian packages,Wallet WebExtension,Releases -@anchor{taler-developer-manual upload-to-gnu-mirrors}@anchor{3f} +@anchor{taler-developer-manual upload-to-gnu-mirrors}@anchor{3e} @section Upload to GNU mirrors @@ -2376,7 +2374,7 @@ symlink: taler-exchange-0.1.0.tar.gz taler-exchange-latest.tar.gz Upload the files in `binary mode' to the ftp servers. @node Creating Debian packages,,Upload to GNU mirrors,Releases -@anchor{taler-developer-manual creating-debian-packages}@anchor{40} +@anchor{taler-developer-manual creating-debian-packages}@anchor{3f} @section Creating Debian packages @@ -2415,7 +2413,7 @@ Finally, make sure to clean up @code{~/incoming/} (by deleting the now imported @code{*.deb} files). @node Continuous integration,Internationalization,Releases,Top -@anchor{taler-developer-manual continuous-integration}@anchor{41} +@anchor{taler-developer-manual continuous-integration}@anchor{40} @chapter Continuous integration @@ -2433,7 +2431,7 @@ There is also the possibility to trigger builds manually, but this is only reserved to “admin” users. @node Internationalization,iOS Apps,Continuous integration,Top -@anchor{taler-developer-manual internationalization}@anchor{42} +@anchor{taler-developer-manual internationalization}@anchor{41} @chapter Internationalization @@ -2454,14 +2452,14 @@ At this time, this system is still very new for Taler.net and this documentation @end menu @node Who can Register,About Privilege Levels,,Internationalization -@anchor{taler-developer-manual who-can-register}@anchor{43} +@anchor{taler-developer-manual who-can-register}@anchor{42} @section Who can Register At this time, anyone can register an account at @indicateurl{https://weblate.taler.net/} to create translations. Registered users default to the `Users' and `Viewers' privilege level. @node About Privilege Levels,Upgrading Privileges,Who can Register,Internationalization -@anchor{taler-developer-manual about-privilege-levels}@anchor{44} +@anchor{taler-developer-manual about-privilege-levels}@anchor{43} @section About Privilege Levels @@ -2484,21 +2482,21 @@ This is the breakdown of privilege levels in Weblate: @end itemize @node Upgrading Privileges,How to Create a Project,About Privilege Levels,Internationalization -@anchor{taler-developer-manual upgrading-privileges}@anchor{45} +@anchor{taler-developer-manual upgrading-privileges}@anchor{44} @section Upgrading Privileges To upgrade from `Users'/`Viewers', a superuser must manually augment your privileges. At this time, superusers are Christian, Florian, and Buck. @node How to Create a Project,How to Create a Component,Upgrading Privileges,Internationalization -@anchor{taler-developer-manual how-to-create-a-project}@anchor{46} +@anchor{taler-developer-manual how-to-create-a-project}@anchor{45} @section How to Create a Project The `GNU Taler' project is probably the correct project for most Components and Translations falling under this guide. Please contact a superuser if you need another Project created. @node How to Create a Component,How to Create a Translation,How to Create a Project,Internationalization -@anchor{taler-developer-manual how-to-create-a-component}@anchor{47} +@anchor{taler-developer-manual how-to-create-a-component}@anchor{46} @section How to Create a Component @@ -2538,7 +2536,7 @@ Under `https://weblate.taler.net/create/component/vcs/': @end itemize @node How to Create a Translation,Translation Standards and Practices,How to Create a Component,Internationalization -@anchor{taler-developer-manual how-to-create-a-translation}@anchor{48} +@anchor{taler-developer-manual how-to-create-a-translation}@anchor{47} @section How to Create a Translation @@ -2557,7 +2555,7 @@ Under `https://weblate.taler.net/create/component/vcs/': You may also wish to refer to @indicateurl{https://docs.weblate.org/} . @node Translation Standards and Practices,GPG Signing of Translations,How to Create a Translation,Internationalization -@anchor{taler-developer-manual translation-standards-and-practices}@anchor{49} +@anchor{taler-developer-manual translation-standards-and-practices}@anchor{48} @section Translation Standards and Practices @@ -2568,7 +2566,7 @@ When asked, set the license to GPLv3 or later. Set commit/push to manual only. @node GPG Signing of Translations,,Translation Standards and Practices,Internationalization -@anchor{taler-developer-manual gpg-signing-of-translations}@anchor{4a} +@anchor{taler-developer-manual gpg-signing-of-translations}@anchor{49} @section GPG Signing of Translations @@ -2577,7 +2575,7 @@ weblate.taler.net signs GPG commits with the GPG key CD33CE35801462FA5EB0B695F26 This means that contributions made through weblate will not be signed with the individual contributor’s key when they are checked into the Git repository, but with the weblate key. @node iOS Apps,Android Apps,Internationalization,Top -@anchor{taler-developer-manual ios-apps}@anchor{4b} +@anchor{taler-developer-manual ios-apps}@anchor{4a} @chapter iOS Apps @@ -2587,7 +2585,7 @@ This means that contributions made through weblate will not be signed with the i @end menu @node Building Taler Wallet for iOS from source,,,iOS Apps -@anchor{taler-developer-manual build-ios-from-source}@anchor{4c}@anchor{taler-developer-manual building-taler-wallet-for-ios-from-source}@anchor{4d} +@anchor{taler-developer-manual build-ios-from-source}@anchor{4b}@anchor{taler-developer-manual building-taler-wallet-for-ios-from-source}@anchor{4c} @section Building Taler Wallet for iOS from source @@ -2601,7 +2599,7 @@ the official Git repository@footnote{https://git.taler.net/taler-ios.git}. @end menu @node Compatibility,Building,,Building Taler Wallet for iOS from source -@anchor{taler-developer-manual compatibility}@anchor{4e} +@anchor{taler-developer-manual compatibility}@anchor{4d} @subsection Compatibility @@ -2609,7 +2607,7 @@ The minimum version of iOS supported is 15.0. This app runs on all iPhone models at least as new as the iPhone 6S. @node Building,,Compatibility,Building Taler Wallet for iOS from source -@anchor{taler-developer-manual building}@anchor{4f} +@anchor{taler-developer-manual building}@anchor{4e} @subsection Building @@ -2641,7 +2639,7 @@ there - all needed libraries and frameworks will be built automatically from Taler.xcworkspace. @node Android Apps,Code Coverage,iOS Apps,Top -@anchor{taler-developer-manual android-apps}@anchor{50} +@anchor{taler-developer-manual android-apps}@anchor{4f} @chapter Android Apps @@ -2654,7 +2652,7 @@ Taler.xcworkspace. @end menu @node Android App Nightly Builds,Building apps from source,,Android Apps -@anchor{taler-developer-manual android-app-nightly-builds}@anchor{51} +@anchor{taler-developer-manual android-app-nightly-builds}@anchor{50} @section Android App Nightly Builds @@ -2705,7 +2703,7 @@ Use at your own risk! @end cartouche @node Building apps from source,Update translations,Android App Nightly Builds,Android Apps -@anchor{taler-developer-manual build-apps-from-source}@anchor{52}@anchor{taler-developer-manual building-apps-from-source}@anchor{53} +@anchor{taler-developer-manual build-apps-from-source}@anchor{51}@anchor{taler-developer-manual building-apps-from-source}@anchor{52} @section Building apps from source @@ -2791,7 +2789,7 @@ After the build finished successfully, you will find your APK in @code{merchant-terminal/build/outputs/apk/release/}. @node Update translations,Release process,Building apps from source,Android Apps -@anchor{taler-developer-manual update-translations}@anchor{54} +@anchor{taler-developer-manual update-translations}@anchor{53} @section Update translations @@ -2825,7 +2823,7 @@ Afterwards, build the entire project from source and test the UI to ensure that no erroneous translations (missing placeholders) are breaking things. @node Release process,,Update translations,Android Apps -@anchor{taler-developer-manual id1}@anchor{55} +@anchor{taler-developer-manual id1}@anchor{54} @section Release process @@ -2856,7 +2854,7 @@ $ git tag -s $APP-$VERSION @end menu @node F-Droid,Google Play,,Release process -@anchor{taler-developer-manual id2}@anchor{56} +@anchor{taler-developer-manual id2}@anchor{55} @subsection F-Droid @@ -2880,7 +2878,7 @@ PoS: [metadata@footnote{https://gitlab.com/fdroid/fdroiddata/-/blob/master/metad @end itemize @node Google Play,,F-Droid,Release process -@anchor{taler-developer-manual google-play}@anchor{57} +@anchor{taler-developer-manual google-play}@anchor{56} @subsection Google Play @@ -2902,7 +2900,7 @@ All uploads are going to the beta track by default. These can be promoted to production later or immediately after upload if you feel daring. @node Code Coverage,Coding Conventions,Android Apps,Top -@anchor{taler-developer-manual id3}@anchor{58}@anchor{taler-developer-manual id4}@anchor{59} +@anchor{taler-developer-manual id3}@anchor{57}@anchor{taler-developer-manual id4}@anchor{58} @chapter Code Coverage @@ -2912,7 +2910,7 @@ nightly (once a day) by a Buildbot worker. The coverage results are then published at @indicateurl{https://lcov.taler.net/} . @node Coding Conventions,Testing library,Code Coverage,Top -@anchor{taler-developer-manual coding-conventions}@anchor{5a} +@anchor{taler-developer-manual coding-conventions}@anchor{59} @chapter Coding Conventions @@ -2929,7 +2927,7 @@ GNU Taler is developed primarily in C, Kotlin, Python, Swift and TypeScript. @end menu @node Components written in C,Shell Scripts,,Coding Conventions -@anchor{taler-developer-manual components-written-in-c}@anchor{5b} +@anchor{taler-developer-manual components-written-in-c}@anchor{5a} @section Components written in C @@ -2949,7 +2947,7 @@ by the GNUnet style: @indicateurl{https://docs.gnunet.org/handbook/gnunet.html#C @end menu @node Naming conventions,,,Components written in C -@anchor{taler-developer-manual naming-conventions}@anchor{5c} +@anchor{taler-developer-manual naming-conventions}@anchor{5b} @subsection Naming conventions @@ -3110,7 +3108,7 @@ must be called “perf_module-under-test_case-description.c” @end itemize @node Shell Scripts,Kotlin,Components written in C,Coding Conventions -@anchor{taler-developer-manual shell-scripts}@anchor{5d} +@anchor{taler-developer-manual shell-scripts}@anchor{5c} @section Shell Scripts @@ -3137,7 +3135,7 @@ $ set -eu @end example @node Kotlin,Python,Shell Scripts,Coding Conventions -@anchor{taler-developer-manual kotlin}@anchor{5e} +@anchor{taler-developer-manual kotlin}@anchor{5d} @section Kotlin @@ -3145,7 +3143,7 @@ We so far have no specific guidelines, please follow best practices for the language. @node Python,Swift,Kotlin,Coding Conventions -@anchor{taler-developer-manual python}@anchor{5f} +@anchor{taler-developer-manual python}@anchor{5e} @section Python @@ -3157,14 +3155,14 @@ for the language. @end menu @node Supported Python Versions,Style,,Python -@anchor{taler-developer-manual supported-python-versions}@anchor{60} +@anchor{taler-developer-manual supported-python-versions}@anchor{5f} @subsection Supported Python Versions Python code should be written and build against version 3.7 of Python. @node Style,Python for Scripting,Supported Python Versions,Python -@anchor{taler-developer-manual style}@anchor{61} +@anchor{taler-developer-manual style}@anchor{60} @subsection Style @@ -3174,7 +3172,7 @@ A reusable yapf style file can be found in @code{build-common}, which is intended to be used as a git submodule. @node Python for Scripting,,Style,Python -@anchor{taler-developer-manual python-for-scripting}@anchor{62} +@anchor{taler-developer-manual python-for-scripting}@anchor{61} @subsection Python for Scripting @@ -3196,21 +3194,21 @@ over the older APIs. @end itemize @node Swift,TypeScript,Python,Coding Conventions -@anchor{taler-developer-manual swift}@anchor{63} +@anchor{taler-developer-manual swift}@anchor{62} @section Swift Please follow best practices for the language. @node TypeScript,,Swift,Coding Conventions -@anchor{taler-developer-manual typescript}@anchor{64} +@anchor{taler-developer-manual typescript}@anchor{63} @section TypeScript Please follow best practices for the language. @node Testing library,User-Facing Terminology,Coding Conventions,Top -@anchor{taler-developer-manual testing-library}@anchor{65} +@anchor{taler-developer-manual testing-library}@anchor{64} @chapter Testing library @@ -3283,7 +3281,7 @@ Please refer to the Twister codebase (under the @code{test} directory) in order to see how to configure it. @node User-Facing Terminology,Developer Glossary,Testing library,Top -@anchor{taler-developer-manual user-facing-terminology}@anchor{66} +@anchor{taler-developer-manual user-facing-terminology}@anchor{65} @chapter User-Facing Terminology @@ -3297,7 +3295,7 @@ used in the user interface and help materials. @end menu @node Terms to Avoid,Terms to Use,,User-Facing Terminology -@anchor{taler-developer-manual terms-to-avoid}@anchor{67} +@anchor{taler-developer-manual terms-to-avoid}@anchor{66} @section Terms to Avoid @@ -3373,7 +3371,7 @@ with their payment. Can also be something like a donation receipt. @end table @node Terms to Use,,Terms to Avoid,User-Facing Terminology -@anchor{taler-developer-manual terms-to-use}@anchor{68} +@anchor{taler-developer-manual terms-to-use}@anchor{67} @section Terms to Use @@ -3425,7 +3423,7 @@ and payments. @end table @node Developer Glossary,Developer Tools,User-Facing Terminology,Top -@anchor{taler-developer-manual developer-glossary}@anchor{69} +@anchor{taler-developer-manual developer-glossary}@anchor{68} @chapter Developer Glossary @@ -3434,134 +3432,134 @@ use when talking to end users or even system administrators. @table @asis -@anchor{taler-developer-manual term-absolute-time}@anchor{6a} +@anchor{taler-developer-manual term-absolute-time}@anchor{69} @geindex absolute time @item absolute time -method of keeping time in @ref{6b,,GNUnet} where the time is represented +method of keeping time in @ref{6a,,GNUnet} where the time is represented as the number of microseconds since 1.1.1970 (UNIX epoch). Called -absolute time in contrast to @ref{6c,,relative time}. -@anchor{taler-developer-manual term-aggregate}@anchor{6d} +absolute time in contrast to @ref{6b,,relative time}. +@anchor{taler-developer-manual term-aggregate}@anchor{6c} @geindex aggregate @item aggregate -the @ref{6e,,exchange} combines multiple payments received by the -same @ref{6f,,merchant} into one larger @ref{70,,wire transfer} to -the respective merchant’s @ref{71,,bank} account -@anchor{taler-developer-manual term-auditor}@anchor{72} +the @ref{6d,,exchange} combines multiple payments received by the +same @ref{6e,,merchant} into one larger @ref{6f,,wire transfer} to +the respective merchant’s @ref{70,,bank} account +@anchor{taler-developer-manual term-auditor}@anchor{71} @geindex auditor @item auditor -trusted third party that verifies that the @ref{6e,,exchange} is operating correctly -@anchor{taler-developer-manual term-bank}@anchor{71} +trusted third party that verifies that the @ref{6d,,exchange} is operating correctly +@anchor{taler-developer-manual term-bank}@anchor{70} @geindex bank @item bank traditional financial service provider who offers -@ref{70,,wire transfers} between accounts -@anchor{taler-developer-manual term-buyer}@anchor{73} +@ref{6f,,wire transfers} between accounts +@anchor{taler-developer-manual term-buyer}@anchor{72} @geindex buyer @item buyer -individual in control of a Taler @ref{74,,wallet}, usually using it to -@ref{75,,spend} the @ref{76,,coins} on @ref{77,,contracts} (see also @ref{78,,customer}). -@anchor{taler-developer-manual term-close}@anchor{79} +individual in control of a Taler @ref{73,,wallet}, usually using it to +@ref{74,,spend} the @ref{75,,coins} on @ref{76,,contracts} (see also @ref{77,,customer}). +@anchor{taler-developer-manual term-close}@anchor{78} @geindex close @item close -operation an @ref{6e,,exchange} performs on a @ref{7a,,reserve} that has not been -@ref{7b,,emptied} by @ref{7c,,withdraw} operations. When closing a reserve, the -exchange wires the remaining funds back to the customer, minus a @ref{7d,,fee} +operation an @ref{6d,,exchange} performs on a @ref{79,,reserve} that has not been +@ref{7a,,emptied} by @ref{7b,,withdraw} operations. When closing a reserve, the +exchange wires the remaining funds back to the customer, minus a @ref{7c,,fee} for closing -@anchor{taler-developer-manual term-coin}@anchor{76} +@anchor{taler-developer-manual term-coin}@anchor{75} @geindex coin @item coin -coins are individual token representing a certain amount of value, also known as the @ref{7e,,denomination} of the coin -@anchor{taler-developer-manual term-contract}@anchor{77} +coins are individual token representing a certain amount of value, also known as the @ref{7d,,denomination} of the coin +@anchor{taler-developer-manual term-contract}@anchor{76} @geindex contract @item contract -formal agreement between @ref{6f,,merchant} and @ref{78,,customer} specifying the -@ref{7f,,contract terms} and signed by the merchant and the @ref{76,,coins} of the +formal agreement between @ref{6e,,merchant} and @ref{77,,customer} specifying the +@ref{7e,,contract terms} and signed by the merchant and the @ref{75,,coins} of the customer -@anchor{taler-developer-manual term-contract-terms}@anchor{7f} +@anchor{taler-developer-manual term-contract-terms}@anchor{7e} @geindex contract terms @item contract terms the individual clauses specifying what the buyer is purchasing from the -@ref{6f,,merchant} -@anchor{taler-developer-manual term-customer}@anchor{78} +@ref{6e,,merchant} +@anchor{taler-developer-manual term-customer}@anchor{77} @geindex customer @item customer individual that directs the buyer (perhaps the same individual) to make a purchase -@anchor{taler-developer-manual term-denomination}@anchor{7e} +@anchor{taler-developer-manual term-denomination}@anchor{7d} @geindex denomination @item denomination -unit of currency, specifies both the currency and the face value of a @ref{76,,coin}, +unit of currency, specifies both the currency and the face value of a @ref{75,,coin}, as well as associated fees and validity periods -@anchor{taler-developer-manual term-denomination-key}@anchor{80} +@anchor{taler-developer-manual term-denomination-key}@anchor{7f} @geindex denomination key @item denomination key -(RSA) key used by the exchange to certify that a given @ref{76,,coin} is valid and of a -particular @ref{7e,,denomination} -@anchor{taler-developer-manual term-deposit}@anchor{81} +(RSA) key used by the exchange to certify that a given @ref{75,,coin} is valid and of a +particular @ref{7d,,denomination} +@anchor{taler-developer-manual term-deposit}@anchor{80} @geindex deposit @item deposit operation by which a merchant passes coins to an exchange, expecting the exchange to credit his bank account in the future using an -@ref{6d,,aggregate} @ref{70,,wire transfer} -@anchor{taler-developer-manual term-dirty}@anchor{82} +@ref{6c,,aggregate} @ref{6f,,wire transfer} +@anchor{taler-developer-manual term-dirty}@anchor{81} @geindex dirty @item dirty -a @ref{76,,coin} is dirty if its public key may be known to an entity other than +a @ref{75,,coin} is dirty if its public key may be known to an entity other than the customer, thereby creating the danger of some entity being able to link multiple transactions of coin’s owner if the coin is not refreshed -@anchor{taler-developer-manual term-drain}@anchor{83} +@anchor{taler-developer-manual term-drain}@anchor{82} @geindex drain @item drain process by which an exchange operator takes the profits -(from @ref{7d,,fees}) out of the escrow account and moves them into +(from @ref{7c,,fees}) out of the escrow account and moves them into their regular business account -@anchor{taler-developer-manual term-empty}@anchor{7b} +@anchor{taler-developer-manual term-empty}@anchor{7a} @geindex empty @item empty -a @ref{7a,,reserve} is being emptied when a @ref{74,,wallet} is using the -reserve’s private key to @ref{7c,,withdraw} coins from it. This reduces +a @ref{79,,reserve} is being emptied when a @ref{73,,wallet} is using the +reserve’s private key to @ref{7b,,withdraw} coins from it. This reduces the balance of the reserve. Once the balance reaches zero, we say that the reserve has been (fully) emptied. Reserves that are not emptied -(which is the normal process) are @ref{79,,closed} by the exchange. -@anchor{taler-developer-manual term-exchange}@anchor{6e} +(which is the normal process) are @ref{78,,closed} by the exchange. +@anchor{taler-developer-manual term-exchange}@anchor{6d} @geindex exchange @item exchange Taler’s payment service operator. Issues electronic coins during withdrawal and redeems them when they are deposited by merchants -@anchor{taler-developer-manual term-expired}@anchor{84} +@anchor{taler-developer-manual term-expired}@anchor{83} @geindex expired @item expired @@ -3575,39 +3573,39 @@ expiration, which specifies how long the exchange keeps records beyond the deposit expiration time. This latter expiration matters for legal disputes in courts and also creates an upper limit for refreshing operations on special zombie coin -@anchor{taler-developer-manual term-fakebank}@anchor{85} +@anchor{taler-developer-manual term-fakebank}@anchor{84} @geindex fakebank @item fakebank -implementation of the @ref{71,,bank} API in memory to be used only for test +implementation of the @ref{70,,bank} API in memory to be used only for test cases. -@anchor{taler-developer-manual term-fee}@anchor{7d} +@anchor{taler-developer-manual term-fee}@anchor{7c} @geindex fee @item fee -an @ref{6e,,exchange} charges various fees for its service. The different +an @ref{6d,,exchange} charges various fees for its service. The different fees are specified in the protocol. There are fees per coin for -@ref{7c,,withdrawing}, @ref{81,,depositing}, @ref{86,,melting}, and -@ref{87,,refunding}. Furthermore, there are fees per wire transfer -when a @ref{7a,,reserve} is @ref{79,,closed} -and for @ref{6d,,aggregate} @ref{70,,wire transfers} -to the @ref{6f,,merchant}. -@anchor{taler-developer-manual term-fresh}@anchor{88} +@ref{7b,,withdrawing}, @ref{80,,depositing}, @ref{85,,melting}, and +@ref{86,,refunding}. Furthermore, there are fees per wire transfer +when a @ref{79,,reserve} is @ref{78,,closed} +and for @ref{6c,,aggregate} @ref{6f,,wire transfers} +to the @ref{6e,,merchant}. +@anchor{taler-developer-manual term-fresh}@anchor{87} @geindex fresh @item fresh -a @ref{76,,coin} is fresh if its public key is only known to the customer -@anchor{taler-developer-manual term-GNUnet}@anchor{6b} +a @ref{75,,coin} is fresh if its public key is only known to the customer +@anchor{taler-developer-manual term-GNUnet}@anchor{6a} @geindex GNUnet @item GNUnet Codebase of various libraries for a better Internet, some of which GNU Taler depends upon. -@anchor{taler-developer-manual term-JSON}@anchor{89} +@anchor{taler-developer-manual term-JSON}@anchor{88} @geindex JSON @item JSON @@ -3616,182 +3614,182 @@ JavaScript Object Notation (JSON) is a serialization format derived from the JavaScript language which is commonly used in the Taler protocol as the payload of HTTP requests and responses. -@anchor{taler-developer-manual term-kappa}@anchor{8a} +@anchor{taler-developer-manual term-kappa}@anchor{89} @geindex kappa @item kappa -security parameter used in the @ref{8b,,refresh} protocol. Defined to be 3. +security parameter used in the @ref{8a,,refresh} protocol. Defined to be 3. The probability of successfully evading the income transparency with the refresh protocol is 1:kappa. -@anchor{taler-developer-manual term-libeufin}@anchor{8c} +@anchor{taler-developer-manual term-libeufin}@anchor{8b} @geindex libeufin @item libeufin Kotlin component that implements a regional currency bank and an adapter to communicate via EBICS with European core banking systems. -@anchor{taler-developer-manual term-link}@anchor{8d} +@anchor{taler-developer-manual term-link}@anchor{8c} @geindex link @item link -specific step in the @ref{8b,,refresh} protocol that an exchange must offer -to prevent abuse of the @ref{8b,,refresh} mechanism. The link step is +specific step in the @ref{8a,,refresh} protocol that an exchange must offer +to prevent abuse of the @ref{8a,,refresh} mechanism. The link step is not needed in normal operation, it just must be offered. -@anchor{taler-developer-manual term-master-key}@anchor{8e} +@anchor{taler-developer-manual term-master-key}@anchor{8d} @geindex master key @item master key offline key used by the exchange to certify denomination keys and message signing keys -@anchor{taler-developer-manual term-melt}@anchor{86} +@anchor{taler-developer-manual term-melt}@anchor{85} @geindex melt @item melt -step of the @ref{8b,,refresh} protocol where a @ref{82,,dirty} @ref{76,,coin} -is invalidated to be reborn @ref{88,,fresh} in a subsequent -@ref{8f,,reveal} step. -@anchor{taler-developer-manual term-merchant}@anchor{6f} +step of the @ref{8a,,refresh} protocol where a @ref{81,,dirty} @ref{75,,coin} +is invalidated to be reborn @ref{87,,fresh} in a subsequent +@ref{8e,,reveal} step. +@anchor{taler-developer-manual term-merchant}@anchor{6e} @geindex merchant @item merchant party receiving payments (usually in return for goods or services) -@anchor{taler-developer-manual term-message-signing-key}@anchor{90} +@anchor{taler-developer-manual term-message-signing-key}@anchor{8f} @geindex message signing key @item message signing key key used by the exchange to sign online messages, other than coins -@anchor{taler-developer-manual term-order}@anchor{91} +@anchor{taler-developer-manual term-order}@anchor{90} @geindex order @item order offer made by the merchant to a wallet; pre-cursor to a contract where the wallet is not yet fixed. Turns -into a @ref{77,,contract} when a wallet claims the order. -@anchor{taler-developer-manual term-owner}@anchor{92} +into a @ref{76,,contract} when a wallet claims the order. +@anchor{taler-developer-manual term-owner}@anchor{91} @geindex owner @item owner a coin is owned by the entity that knows the private key of the coin -@anchor{taler-developer-manual term-planchet}@anchor{93} +@anchor{taler-developer-manual term-planchet}@anchor{92} @geindex planchet @item planchet -precursor data for a @ref{76,,coin}. A planchet includes the coin’s internal +precursor data for a @ref{75,,coin}. A planchet includes the coin’s internal secrets (coin private key, blinding factor), but lacks the RSA signature -of the @ref{6e,,exchange}. When @ref{7c,,withdrawing}, a @ref{74,,wallet} +of the @ref{6d,,exchange}. When @ref{7b,,withdrawing}, a @ref{73,,wallet} creates and persists a planchet before asking the exchange to sign it to get the coin. -@anchor{taler-developer-manual term-privacy-policy}@anchor{94} +@anchor{taler-developer-manual term-privacy-policy}@anchor{93} @geindex privacy policy @item privacy policy Statement of an operator how they will protect the privacy of users. -@anchor{taler-developer-manual term-proof}@anchor{95} +@anchor{taler-developer-manual term-proof}@anchor{94} @geindex proof @item proof Message that cryptographically demonstrates that a particular claim is correct. -@anchor{taler-developer-manual term-proposal}@anchor{96} +@anchor{taler-developer-manual term-proposal}@anchor{95} @geindex proposal @item proposal -a list of @ref{7f,,contract terms} that has been completed and signed by the +a list of @ref{7e,,contract terms} that has been completed and signed by the merchant backend. -@anchor{taler-developer-manual term-purchase}@anchor{97} +@anchor{taler-developer-manual term-purchase}@anchor{96} @geindex purchase @item purchase -Refers to the overall process of negotiating a @ref{77,,contract} and then -making a payment with @ref{76,,coins} to a @ref{6f,,merchant}. -@anchor{taler-developer-manual term-recoup}@anchor{98} +Refers to the overall process of negotiating a @ref{76,,contract} and then +making a payment with @ref{75,,coins} to a @ref{6e,,merchant}. +@anchor{taler-developer-manual term-recoup}@anchor{97} @geindex recoup @item recoup Operation by which an exchange returns the value of coins affected -by a @ref{99,,revocation} to their @ref{92,,owner}, either by allowing the owner to -withdraw new coins or wiring funds back to the bank account of the @ref{92,,owner}. -@anchor{taler-developer-manual term-refresh}@anchor{8b} +by a @ref{98,,revocation} to their @ref{91,,owner}, either by allowing the owner to +withdraw new coins or wiring funds back to the bank account of the @ref{91,,owner}. +@anchor{taler-developer-manual term-refresh}@anchor{8a} @geindex refresh @item refresh -operation by which a @ref{82,,dirty} @ref{76,,coin} is converted into one or more -@ref{88,,fresh} coins. Involves @ref{86,,melting} the @ref{82,,dirty} coins and -then @ref{8f,,revealing} so-called @ref{9a,,transfer keys}. -@anchor{taler-developer-manual term-refresh-commitment}@anchor{9b} +operation by which a @ref{81,,dirty} @ref{75,,coin} is converted into one or more +@ref{87,,fresh} coins. Involves @ref{85,,melting} the @ref{81,,dirty} coins and +then @ref{8e,,revealing} so-called @ref{99,,transfer keys}. +@anchor{taler-developer-manual term-refresh-commitment}@anchor{9a} @geindex refresh commitment @item refresh commitment -data that the wallet commits to during the @ref{86,,melt} stage of the -@ref{8b,,refresh} protocol where it -has to prove to the @ref{6e,,exchange} that it is deriving the @ref{88,,fresh} +data that the wallet commits to during the @ref{85,,melt} stage of the +@ref{8a,,refresh} protocol where it +has to prove to the @ref{6d,,exchange} that it is deriving the @ref{87,,fresh} coins as specified by the Taler protocol. The commitment is verified -probabilistically (see: @ref{8a,,kappa}) during the @ref{8f,,reveal} stage. -@anchor{taler-developer-manual term-refund}@anchor{87} +probabilistically (see: @ref{89,,kappa}) during the @ref{8e,,reveal} stage. +@anchor{taler-developer-manual term-refund}@anchor{86} @geindex refund @item refund operation by which a merchant steps back from the right to funds that he -obtained from a @ref{81,,deposit} operation, giving the right to the funds back +obtained from a @ref{80,,deposit} operation, giving the right to the funds back to the customer -@anchor{taler-developer-manual term-refund-transaction-id}@anchor{9c} +@anchor{taler-developer-manual term-refund-transaction-id}@anchor{9b} @geindex refund transaction id @item refund transaction id -unique number by which a merchant identifies a @ref{87,,refund}. Needed +unique number by which a merchant identifies a @ref{86,,refund}. Needed as refunds can be partial and thus there could be multiple refunds for -the same @ref{97,,purchase}. -@anchor{taler-developer-manual term-relative-time}@anchor{6c} +the same @ref{96,,purchase}. +@anchor{taler-developer-manual term-relative-time}@anchor{6b} @geindex relative time @item relative time -method of keeping time in @ref{6b,,GNUnet} where the time is represented +method of keeping time in @ref{6a,,GNUnet} where the time is represented as a relative number of microseconds. Thus, a relative time specifies an offset or a duration, but not a date. Called relative time in -contrast to @ref{6a,,absolute time}. -@anchor{taler-developer-manual term-reserve}@anchor{7a} +contrast to @ref{69,,absolute time}. +@anchor{taler-developer-manual term-reserve}@anchor{79} @geindex reserve @item reserve accounting mechanism used by the exchange to track customer funds -from incoming @ref{70,,wire transfers}. A reserve is created whenever +from incoming @ref{6f,,wire transfers}. A reserve is created whenever a customer wires money to the exchange using a well-formed public key -in the subject. The exchange then allows the customer’s @ref{74,,wallet} -to @ref{7c,,withdraw} up to the amount received in @ref{88,,fresh} -@ref{76,,coins} from the reserve, thereby emptying the reserve. If a -reserve is not emptied, the exchange will eventually @ref{79,,close} it. +in the subject. The exchange then allows the customer’s @ref{73,,wallet} +to @ref{7b,,withdraw} up to the amount received in @ref{87,,fresh} +@ref{75,,coins} from the reserve, thereby emptying the reserve. If a +reserve is not emptied, the exchange will eventually @ref{78,,close} it. Other definition: Funds set aside for future use; either the balance of a customer at the exchange ready for withdrawal, or the funds kept in the exchange;s bank account to cover obligations from coins in circulation. -@anchor{taler-developer-manual term-reveal}@anchor{8f} +@anchor{taler-developer-manual term-reveal}@anchor{8e} @geindex reveal @item reveal -step in the @ref{8b,,refresh} protocol where some of the transfer private +step in the @ref{8a,,refresh} protocol where some of the transfer private keys are revealed to prove honest behavior on the part of the wallet. -In the reveal step, the exchange returns the signed @ref{88,,fresh} coins. -@anchor{taler-developer-manual term-revoke}@anchor{99} +In the reveal step, the exchange returns the signed @ref{87,,fresh} coins. +@anchor{taler-developer-manual term-revoke}@anchor{98} @geindex revoke @item revoke @@ -3800,79 +3798,79 @@ exceptional operation by which an exchange withdraws a denomination from circulation, either because the signing key was compromised or because the exchange is going out of operation; unspent coins of a revoked denomination are subjected to recoup. -@anchor{taler-developer-manual term-sharing}@anchor{9d} +@anchor{taler-developer-manual term-sharing}@anchor{9c} @geindex sharing @item sharing -users can share ownership of a @ref{76,,coin} by sharing access to the coin's +users can share ownership of a @ref{75,,coin} by sharing access to the coin's private key, thereby allowing all co-owners to spend the coin at any time. -@anchor{taler-developer-manual term-spend}@anchor{75} +@anchor{taler-developer-manual term-spend}@anchor{74} @geindex spend @item spend operation by which a customer gives a merchant the right to deposit coins in return for merchandise -@anchor{taler-developer-manual term-terms}@anchor{9e} +@anchor{taler-developer-manual term-terms}@anchor{9d} @geindex terms @item terms the general terms of service of an operator, possibly including -the @ref{94,,privacy policy}. Not to be confused with the -@ref{7f,,contract terms} which are about the specific purchase. -@anchor{taler-developer-manual term-transaction}@anchor{9f} +the @ref{93,,privacy policy}. Not to be confused with the +@ref{7e,,contract terms} which are about the specific purchase. +@anchor{taler-developer-manual term-transaction}@anchor{9e} @geindex transaction @item transaction method by which ownership is exclusively transferred from one entity -@anchor{taler-developer-manual term-transfer-key}@anchor{9a} +@anchor{taler-developer-manual term-transfer-key}@anchor{99} @geindex transfer key @item transfer key -special cryptographic key used in the @ref{8b,,refresh} protocol, some of which -are revealed during the @ref{8f,,reveal} step. Note that transfer keys have, -despite the name, no relationship to @ref{70,,wire transfers}. They merely -help to transfer the value from a @ref{82,,dirty} coin to a @ref{88,,fresh} coin -@anchor{taler-developer-manual term-user}@anchor{a0} +special cryptographic key used in the @ref{8a,,refresh} protocol, some of which +are revealed during the @ref{8e,,reveal} step. Note that transfer keys have, +despite the name, no relationship to @ref{6f,,wire transfers}. They merely +help to transfer the value from a @ref{81,,dirty} coin to a @ref{87,,fresh} coin +@anchor{taler-developer-manual term-user}@anchor{9f} @geindex user @item user any individual using the Taler payment system -(see @ref{78,,customer}, @ref{73,,buyer}, @ref{6f,,merchant}). -@anchor{taler-developer-manual term-version}@anchor{a1} +(see @ref{77,,customer}, @ref{72,,buyer}, @ref{6e,,merchant}). +@anchor{taler-developer-manual term-version}@anchor{a0} @geindex version @item version Taler uses various forms of versioning. There is a database schema version (stored itself in the database, see *-0000.sql) describing -the state of the table structure in the database of an @ref{6e,,exchange}, -@ref{72,,auditor} or @ref{6f,,merchant}. There is a protocol +the state of the table structure in the database of an @ref{6d,,exchange}, +@ref{71,,auditor} or @ref{6e,,merchant}. There is a protocol version (CURRENT:REVISION:AGE, see GNU libtool) which specifies -the network protocol spoken by an @ref{6e,,exchange} or @ref{6f,,merchant} +the network protocol spoken by an @ref{6d,,exchange} or @ref{6e,,merchant} including backwards-compatibility. And finally there is the software release version (MAJOR.MINOR.PATCH, see @indicateurl{https://semver.org/}) of the respective code base. -@anchor{taler-developer-manual term-wallet}@anchor{74} +@anchor{taler-developer-manual term-wallet}@anchor{73} @geindex wallet @item wallet software running on a customer’s computer; withdraws, stores and spends coins -@anchor{taler-developer-manual term-WebExtension}@anchor{a2} +@anchor{taler-developer-manual term-WebExtension}@anchor{a1} @geindex WebExtension @item WebExtension Cross-browser API used to implement the GNU Taler wallet browser extension. -@anchor{taler-developer-manual term-wire-gateway}@anchor{a3} +@anchor{taler-developer-manual term-wire-gateway}@anchor{a2} @geindex wire gateway @item wire gateway @@ -3881,13 +3879,13 @@ API used by the exchange to talk with some real-time gross settlement system (core banking system, blockchain) to notice inbound credits wire transfers (during withdraw) and to trigger outbound debit wire transfers (primarily for deposits). -@anchor{taler-developer-manual term-wire-transfer}@anchor{70} +@anchor{taler-developer-manual term-wire-transfer}@anchor{6f} @geindex wire transfer @item wire transfer -a wire transfer is a method of sending funds between @ref{71,,bank} accounts -@anchor{taler-developer-manual term-wire-transfer-identifier}@anchor{a4} +a wire transfer is a method of sending funds between @ref{70,,bank} accounts +@anchor{taler-developer-manual term-wire-transfer-identifier}@anchor{a3} @geindex wire transfer identifier @item wire transfer identifier @@ -3895,26 +3893,26 @@ a wire transfer is a method of sending funds between @ref{71,,bank} accounts Subject of a wire transfer from the exchange to a merchant; set by the aggregator to a random nonce which uniquely identifies the transfer. -@anchor{taler-developer-manual term-withdraw}@anchor{7c} +@anchor{taler-developer-manual term-withdraw}@anchor{7b} @geindex withdraw @item withdraw -operation by which a @ref{74,,wallet} can convert funds from a @ref{7a,,reserve} to +operation by which a @ref{73,,wallet} can convert funds from a @ref{79,,reserve} to fresh coins -@anchor{taler-developer-manual term-zombie}@anchor{a5} +@anchor{taler-developer-manual term-zombie}@anchor{a4} @geindex zombie @item zombie -@ref{76,,coin} where the respective @ref{80,,denomination key} is past its -@ref{81,,deposit} @ref{84,,expiration} time, but which is still (again) valid -for an operation because it was @ref{86,,melted} while it was still -valid, and then later again credited during a @ref{98,,recoup} process +@ref{75,,coin} where the respective @ref{7f,,denomination key} is past its +@ref{80,,deposit} @ref{83,,expiration} time, but which is still (again) valid +for an operation because it was @ref{85,,melted} while it was still +valid, and then later again credited during a @ref{97,,recoup} process @end table @node Developer Tools,Index,Developer Glossary,Top -@anchor{taler-developer-manual developer-tools}@anchor{a6} +@anchor{taler-developer-manual developer-tools}@anchor{a5} @chapter Developer Tools @@ -3927,7 +3925,7 @@ developer. @end menu @node taler-harness,,,Developer Tools -@anchor{taler-developer-manual taler-harness}@anchor{a7} +@anchor{taler-developer-manual taler-harness}@anchor{a6} @section taler-harness diff --git a/texinfo/taler-exchange.texi b/texinfo/taler-exchange.texi index 16f3a2d9..6f38ccdb 100644 --- a/texinfo/taler-exchange.texi +++ b/texinfo/taler-exchange.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -148,6 +148,10 @@ KYC Configuration * Persona specifics:: * KYC AID specifics:: +Taler KYC Terminology + +* Configuration of possible KYC/AML checks:: + Deployment * Serving:: @@ -167,6 +171,8 @@ AML Configuration * AML Officer Setup:: * AML Triggers:: * AML Forms:: +* AML Programs:: +* AML Measures:: Testing and Troubleshooting @@ -916,7 +922,11 @@ For Ubuntu Mantic use this instead: deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ mantic taler-mantic @end example -The last line is crucial, as it adds the GNU Taler packages. +For Ubuntu Noble use this instead: + +@example +deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ noble taler-noble +@end example Next, you must import the Taler Systems SA public package signing key into your keyring and update the package lists: @@ -1164,16 +1174,11 @@ variables that are unset, by using the following syntax: @code{$@{VAR:-default@}}. There are two ways a user can set the value of @code{$}-prefixable variables: -@quotation - @enumerate @item by defining them under a @code{[paths]} section: -@end enumerate - -@quotation @example [paths] @@ -1182,22 +1187,14 @@ TALER_DEPLOYMENT_SHARED = $@{HOME@}/shared-data [section-x] path-x = $@{TALER_DEPLOYMENT_SHARED@}/x @end example -@end quotation - - -@enumerate 2 @item or by setting them in the environment: -@end enumerate - -@quotation @example $ export VAR=/x @end example -@end quotation -@end quotation +@end enumerate The configuration loader will give precedence to variables set under @code{[path]} over environment variables. @@ -2150,8 +2147,28 @@ implementing the respective API. `logic'. @end itemize +@menu +* Configuration of possible KYC/AML checks:: + +@end menu + +@node Configuration of possible KYC/AML checks,,,Taler KYC Terminology +@anchor{taler-exchange-manual configuration-of-possible-kyc-aml-checks}@anchor{30} +@subsection Configuration of possible KYC/AML checks + + +The configuration specifies a set of possible KYC checks offered by external +providers. The names of the configuration sections must being with +@code{kyc-check-} followed by an arbitrary @code{$CHECK_NAME}. + +The list of possible FORM names is fixed in the SPA +for a particular exchange release. + +The outcome of `any' check should always be uploaded encrypted into the +@code{kyc_attributes} table. It MUST include an @code{expiration_time}. + @node KYC Configuration Options,OAuth 2 0 specifics,Taler KYC Terminology,KYC Configuration -@anchor{taler-exchange-manual kyc-configuration-options}@anchor{30} +@anchor{taler-exchange-manual kyc-configuration-options}@anchor{31} @section KYC Configuration Options @@ -2223,7 +2240,7 @@ TIMEFRAME = 30d @node OAuth 2 0 specifics,Persona specifics,KYC Configuration Options,KYC Configuration -@anchor{taler-exchange-manual oauth-2-0-specifics}@anchor{31} +@anchor{taler-exchange-manual oauth-2-0-specifics}@anchor{32} @section OAuth 2.0 specifics @@ -2304,7 +2321,7 @@ configuration above and an exchange running on the host @code{https://exchange.example.com/kyc-proof/kyc-provider-challenger-oauth2/}. @node Persona specifics,KYC AID specifics,OAuth 2 0 specifics,KYC Configuration -@anchor{taler-exchange-manual persona-specifics}@anchor{32} +@anchor{taler-exchange-manual persona-specifics}@anchor{33} @section Persona specifics @@ -2372,7 +2389,7 @@ in JSON) expected by the exchange. The script will need to be adjusted based on the attributes collected by the specific template. @node KYC AID specifics,,Persona specifics,KYC Configuration -@anchor{taler-exchange-manual kyc-aid-specifics}@anchor{33} +@anchor{taler-exchange-manual kyc-aid-specifics}@anchor{34} @section KYC AID specifics @@ -2419,7 +2436,7 @@ need to be adjusted based on the attributes collected by the specific template. @node Deployment,Offline Signing Setup Key Maintenance and Tear-Down,KYC Configuration,Top -@anchor{taler-exchange-manual deployment}@anchor{34}@anchor{taler-exchange-manual id4}@anchor{35} +@anchor{taler-exchange-manual deployment}@anchor{35}@anchor{taler-exchange-manual id4}@anchor{36} @chapter Deployment @@ -2434,7 +2451,7 @@ and configuration are completed. @end menu @node Serving,Reverse Proxy Setup,,Deployment -@anchor{taler-exchange-manual id5}@anchor{36}@anchor{taler-exchange-manual serving}@anchor{37} +@anchor{taler-exchange-manual id5}@anchor{37}@anchor{taler-exchange-manual serving}@anchor{38} @section Serving @@ -2470,7 +2487,7 @@ the group under which the exchange HTTP server is running. @end itemize @node Reverse Proxy Setup,Launching an exchange,Serving,Deployment -@anchor{taler-exchange-manual reverse-proxy-setup}@anchor{38}@anchor{taler-exchange-manual reverseproxy}@anchor{39} +@anchor{taler-exchange-manual reverse-proxy-setup}@anchor{39}@anchor{taler-exchange-manual reverseproxy}@anchor{3a} @section Reverse Proxy Setup @@ -2518,7 +2535,7 @@ With this last step, we are finally ready to launch the main exchange process. @node Launching an exchange,,Reverse Proxy Setup,Deployment -@anchor{taler-exchange-manual launch}@anchor{3a}@anchor{taler-exchange-manual launching-an-exchange}@anchor{3b} +@anchor{taler-exchange-manual launch}@anchor{3b}@anchor{taler-exchange-manual launching-an-exchange}@anchor{3c} @section Launching an exchange @@ -2618,7 +2635,7 @@ The request might take some time to complete on slow machines, because a lot of key material will be generated. @node Offline Signing Setup Key Maintenance and Tear-Down,AML Configuration,Deployment,Top -@anchor{taler-exchange-manual offline-signing-setup-key-maintenance-and-tear-down}@anchor{3c} +@anchor{taler-exchange-manual offline-signing-setup-key-maintenance-and-tear-down}@anchor{3d} @chapter Offline Signing Setup, Key Maintenance and Tear-Down @@ -2681,7 +2698,7 @@ The following sections will discuss these steps in more depth. @end menu @node Signing the online signing keys,Account signing,,Offline Signing Setup Key Maintenance and Tear-Down -@anchor{taler-exchange-manual keys-generation}@anchor{3d}@anchor{taler-exchange-manual signing-the-online-signing-keys}@anchor{3e} +@anchor{taler-exchange-manual keys-generation}@anchor{3e}@anchor{taler-exchange-manual signing-the-online-signing-keys}@anchor{3f} @section Signing the online signing keys @@ -2723,7 +2740,7 @@ periodically, as it signs the various online signing keys of the exchange which periodically expire. @node Account signing,Wire fee structure,Signing the online signing keys,Offline Signing Setup Key Maintenance and Tear-Down -@anchor{taler-exchange-manual account-signing}@anchor{3f}@anchor{taler-exchange-manual exchange-account-signing}@anchor{40} +@anchor{taler-exchange-manual account-signing}@anchor{40}@anchor{taler-exchange-manual exchange-account-signing}@anchor{41} @section Account signing @@ -2749,7 +2766,7 @@ For details on optional @code{enable-account} arguments, see manpages/taler-exchange-offline.1. @node Wire fee structure,Auditor configuration,Account signing,Offline Signing Setup Key Maintenance and Tear-Down -@anchor{taler-exchange-manual id6}@anchor{41}@anchor{taler-exchange-manual wire-fee-structure}@anchor{42} +@anchor{taler-exchange-manual id6}@anchor{42}@anchor{taler-exchange-manual wire-fee-structure}@anchor{43} @section Wire fee structure @@ -2786,7 +2803,7 @@ this maintenance activity! @end cartouche @node Auditor configuration,Revocations,Wire fee structure,Offline Signing Setup Key Maintenance and Tear-Down -@anchor{taler-exchange-manual auditor-configuration}@anchor{43}@anchor{taler-exchange-manual id7}@anchor{44} +@anchor{taler-exchange-manual auditor-configuration}@anchor{44}@anchor{taler-exchange-manual id7}@anchor{45} @section Auditor configuration @@ -2814,7 +2831,7 @@ As before, the `auditor.json' file must then be copied from the offline system to a system connected to the exchange and there @code{uploaded} to the exchange using @code{taler-exchange-offline upload}. @node Revocations,,Auditor configuration,Offline Signing Setup Key Maintenance and Tear-Down -@anchor{taler-exchange-manual id8}@anchor{45}@anchor{taler-exchange-manual revocations}@anchor{46} +@anchor{taler-exchange-manual id8}@anchor{46}@anchor{taler-exchange-manual revocations}@anchor{47} @section Revocations @@ -2847,7 +2864,7 @@ operation. @end cartouche @node AML Configuration,Setup Linting,Offline Signing Setup Key Maintenance and Tear-Down,Top -@anchor{taler-exchange-manual aml-configuration}@anchor{47} +@anchor{taler-exchange-manual aml-configuration}@anchor{48} @chapter AML Configuration @@ -2863,11 +2880,13 @@ amount above which a further AML review is triggered. * AML Officer Setup:: * AML Triggers:: * AML Forms:: +* AML Programs:: +* AML Measures:: @end menu @node AML Officer Setup,AML Triggers,,AML Configuration -@anchor{taler-exchange-manual aml-officer-setup}@anchor{48} +@anchor{taler-exchange-manual aml-officer-setup}@anchor{49} @section AML Officer Setup @@ -2903,7 +2922,7 @@ Access rights can be revoked at any time using: @end example @node AML Triggers,AML Forms,AML Officer Setup,AML Configuration -@anchor{taler-exchange-manual aml-triggers}@anchor{49} +@anchor{taler-exchange-manual aml-triggers}@anchor{4a} @section AML Triggers @@ -2954,8 +2973,8 @@ account for manual review. To disable this trigger, simply leave the option to its default value of '[/usr/bin/]true'. To flag all new users for manual review, simply set the program to '[/usr/bin/]false'. -@node AML Forms,,AML Triggers,AML Configuration -@anchor{taler-exchange-manual aml-forms}@anchor{4a} +@node AML Forms,AML Programs,AML Triggers,AML Configuration +@anchor{taler-exchange-manual aml-forms}@anchor{4b} @section AML Forms @@ -2997,8 +3016,170 @@ It is much easier to download @code{@@gnu-taler/aml-backoffice-ui} source from @code{https://git.taler.net/wallet-core.git/}, compile and copy the file from the @code{dist/prod}. +@node AML Programs,AML Measures,AML Forms,AML Configuration +@anchor{taler-exchange-manual aml-programs}@anchor{4c} +@section AML Programs + + +AML programs are helper programs that can: + + +@itemize * + +@item +Generate a list of `required' context field names +for the helper (introspection!) using the "--required-context" +command-line switch. The output should use the same +syntax as the REQUIRES clause of @code{[kyc-check-]} +configuration sections, except that new lines +MUST be used to separate fields instead of ";". + +@item +Generate a list of `required' attribute names +for the helper (introspection!) using the "--required-attributes" +command-line switch. The output should use the same +list of names as the ATTRIBUTES in the +@code{[kyc-provider-]} configuration section +(but may also include FORM field names). + +@item +Process an input JSON object of type +@ref{4d,,AmlProgramInput} into a JSON object of +type @ref{4e,,AmlOutcome}. +This is the default behavior if no command-line switches +are provided. +@end itemize + +@example +interface AmlProgramInput @{ + + // JSON object that was provided as + // part of the *measure*. This JSON object is + // provided under "context" in the main JSON object + // input to the AML program. This "context" should + // satify both the REQUIRES clause of the respective + // check and the output of "--requires" from the + // AML program's command-line option. + context?: Object; + + // JSON object that captures the + // output of a `@w{`}[kyc-provider-]`@w{`} or (HTML) FORM. + // The keys in the JSON object will be the attribute + // names and the values must be strings representing + // the data. In the case of file uploads, the data + // MUST be base64-encoded. + attributes: Object; + + // JSON array with the results of historic + // AML desisions about the account. + aml_history: AmlDecisionDetail[]; + + // JSON array with the results of historic + // KYC data about the account. + kyc_history: KycDetail[]; + +@} +@end example + +@example +interface AmlOutcome @{ + + // Should the client's account be investigated + // by AML staff? + // Defaults to false. + to_investigate?: boolean; + + // Free-form properties about the account. + // Can be used to store properties such as PEP, + // risk category, type of business, hits on + // sanctions lists, etc. + properties?: AccountProperties; + + // Types of events to add to the KYC events table. + // (for statistics). + events?: string[]; + + // KYC rules to apply. Note that this + // overrides *all* of the default rules + // until the `@w{`}expiration_time`@w{`} and specifies + // the successor measure to apply after the + // expiration time. + new_rules: LegitimizationRuleSet; + +@} +@end example + +If the AML program fails (exits with a failure code or +does not provide well-formed JSON output) the AML/KYC +process continues with the FALLBACK measure. This should +usually be one that asks AML staff to contact the +systems administrator. + +AML programs are listed in the configuration file, one program per section: + +@example +[aml-program-$PROG_NAME] + +# Program to run. +COMMAND = taler-helper-aml-pep + +# Human-readable description of what this +# AML helper program will do. Used to show +# to the AML staff. +DESCRIPTION = "check if the customer is a PEP" + +# True if this AML program is enabled (and thus can be +# used in measures and exposed to AML staff). +# Optional, default is NO. +ENABLED = YES + +# **original** measure to take if COMMAND fails +# Usually points to a measure that asks AML staff +# to contact the systems administrator. The fallback measure +# context always includes the reasons for the +# failure. +FALLBACK = MEASURE_NAME +@end example + +@node AML Measures,,AML Programs,AML Configuration +@anchor{taler-exchange-manual aml-measures}@anchor{4f} +@section AML Measures + + +The exchange configuration specifies a set of +`original' `measures' one per configuration section: + +@example +[kyc-measure-$MEASURE_NAME] + +# Possible check for this measure. Optional. +# If not given, PROGRAM should be run immediately +# (on an empty set of attributes). +CHECK_NAME = IB_FORM + +# Context for the check. The context can be +# just an empty JSON object if there is none. +CONTEXT = @{"choices":["individual","business"]@} + +# Program to run on the context and check data to +# determine the outcome and next measure. +PROGRAM = taler-aml-program +@end example + +If no @code{CHECK_NAME} is provided at all, the AML @code{PROGRAM} is to be run +immediately. This is useful if no client-interaction is required to arrive at +a decision. + +@cartouche +@quotation Note +The list of `measures' is not complete: AML staff may freely define new +measures dynamically, usually by selecting checks, an AML program, and +providing context. +@end quotation +@end cartouche + @node Setup Linting,Testing and Troubleshooting,AML Configuration,Top -@anchor{taler-exchange-manual setup-linting}@anchor{4b} +@anchor{taler-exchange-manual setup-linting}@anchor{50} @chapter Setup Linting @@ -3015,7 +3196,7 @@ You can optionally pass the @code{--debug} option to get more verbose output, an failed. @node Testing and Troubleshooting,Template Customization,Setup Linting,Top -@anchor{taler-exchange-manual testing-and-troubleshooting}@anchor{4c} +@anchor{taler-exchange-manual testing-and-troubleshooting}@anchor{51} @chapter Testing and Troubleshooting @@ -3122,12 +3303,12 @@ taler-wallet. @end menu @node taler-config,Using taler-config,,Testing and Troubleshooting -@anchor{taler-exchange-manual taler-config}@anchor{4d} +@anchor{taler-exchange-manual taler-config}@anchor{52} @section taler-config @node Using taler-config,Private key storage,taler-config,Testing and Troubleshooting -@anchor{taler-exchange-manual using-taler-002dconfig-exchange}@anchor{4e}@anchor{taler-exchange-manual using-taler-config}@anchor{4f} +@anchor{taler-exchange-manual using-taler-002dconfig-exchange}@anchor{53}@anchor{taler-exchange-manual using-taler-config}@anchor{54} @section Using taler-config @@ -3181,7 +3362,7 @@ While the configuration file is typically located at GNU Taler component using the @code{-c} option. @node Private key storage,Internal audits,Using taler-config,Testing and Troubleshooting -@anchor{taler-exchange-manual private-key-storage}@anchor{50} +@anchor{taler-exchange-manual private-key-storage}@anchor{55} @section Private key storage @@ -3193,7 +3374,7 @@ regenerated. However, we do recommend using RAID (1+1 or 1+1+1) for all disks of the system. @node Internal audits,Database Scheme,Private key storage,Testing and Troubleshooting -@anchor{taler-exchange-manual internal-audit}@anchor{51}@anchor{taler-exchange-manual internal-audits}@anchor{52} +@anchor{taler-exchange-manual internal-audit}@anchor{56}@anchor{taler-exchange-manual internal-audits}@anchor{57} @section Internal audits @@ -3221,7 +3402,7 @@ from the very beginning, this is generally not recommended as this may be too expensive. @node Database Scheme,Database upgrades,Internal audits,Testing and Troubleshooting -@anchor{taler-exchange-manual database-scheme}@anchor{53}@anchor{taler-exchange-manual id9}@anchor{54} +@anchor{taler-exchange-manual database-scheme}@anchor{58}@anchor{taler-exchange-manual id9}@anchor{59} @section Database Scheme @@ -3236,8 +3417,24 @@ The database scheme used by the exchange looks as follows: @image{taler-exchange-figures/exchange-db,,,,png} +The @code{jmeasures} JSON in the @code{legitimization_measures} +table is of type @ref{5a,,LegitimizationMeasures}: + +@example +interface LegitimizationMeasures @{ + + // Array of legitimization measures that + // are to be applied. + measures: MeasureInformation[]; + + // True if the client is expected to eventually satisfy all requirements. + // Default (if missing) is false. + is_and_combinator?: boolean; +@} +@end example + @node Database upgrades,,Database Scheme,Testing and Troubleshooting -@anchor{taler-exchange-manual database-upgrades}@anchor{55}@anchor{taler-exchange-manual id10}@anchor{56} +@anchor{taler-exchange-manual database-upgrades}@anchor{5b}@anchor{taler-exchange-manual id10}@anchor{5c} @section Database upgrades @@ -3275,12 +3472,12 @@ not be performed in a production system. You still also need to then grant the permissions to the other exchange processes again. @node Template Customization,Benchmarking,Testing and Troubleshooting,Top -@anchor{taler-exchange-manual exchangetemplatecustomization}@anchor{57}@anchor{taler-exchange-manual template-customization}@anchor{58} +@anchor{taler-exchange-manual exchangetemplatecustomization}@anchor{5d}@anchor{taler-exchange-manual template-customization}@anchor{5e} @chapter Template Customization The Exchange comes with various HTML templates that are shown to -guide users through the KYC process. The Exchange uses Mustach@footnote{https://gitlab.com/jbol/mustach} as the templating engine. This section +guide users through the KYC process. The Exchange uses C implementation of mustache@footnote{https://gitlab.com/jobol/mustach} as the templating engine. This section describes the various templates. In general, the templates must be installed to the @code{share/taler/exchange/templates/} directory. The file names must be of the form @code{$NAME.$LANG.must} where @code{$NAME} is the name of the template and @@ -3313,7 +3510,7 @@ subsection titles are the @code{$NAME} of the respective template. @end menu @node Generic Errors Templates,kycaid-invalid-request,,Template Customization -@anchor{taler-exchange-manual generic-errors-templates}@anchor{59} +@anchor{taler-exchange-manual generic-errors-templates}@anchor{5f} @section Generic Errors Templates @@ -3363,7 +3560,7 @@ on the error, should be shown to provide additional context @end quotation @node kycaid-invalid-request,oauth2-authentication-failure,Generic Errors Templates,Template Customization -@anchor{taler-exchange-manual kycaid-invalid-request}@anchor{5a} +@anchor{taler-exchange-manual kycaid-invalid-request}@anchor{60} @section kycaid-invalid-request @@ -3397,7 +3594,7 @@ error_uri: optional URI with further details about the error from the server @end quotation @node oauth2-authentication-failure,oauth2-authorization-failure,kycaid-invalid-request,Template Customization -@anchor{taler-exchange-manual oauth2-authentication-failure}@anchor{5b} +@anchor{taler-exchange-manual oauth2-authentication-failure}@anchor{61} @section oauth2-authentication-failure @@ -3422,7 +3619,7 @@ user to understand the error @end quotation @node oauth2-authorization-failure,oauth2-authorization-failure-malformed,oauth2-authentication-failure,Template Customization -@anchor{taler-exchange-manual oauth2-authorization-failure}@anchor{5c} +@anchor{taler-exchange-manual oauth2-authorization-failure}@anchor{62} @section oauth2-authorization-failure @@ -3454,7 +3651,7 @@ error_message: String; error message from the server @end quotation @node oauth2-authorization-failure-malformed,oauth2-bad-request,oauth2-authorization-failure,Template Customization -@anchor{taler-exchange-manual oauth2-authorization-failure-malformed}@anchor{5d} +@anchor{taler-exchange-manual oauth2-authorization-failure-malformed}@anchor{63} @section oauth2-authorization-failure-malformed @@ -3485,7 +3682,7 @@ server_response: Object; could be NULL; this includes the (malformed) OAuth2 ser @end quotation @node oauth2-bad-request,oauth2-conversion-failure,oauth2-authorization-failure-malformed,Template Customization -@anchor{taler-exchange-manual oauth2-bad-request}@anchor{5e} +@anchor{taler-exchange-manual oauth2-bad-request}@anchor{64} @section oauth2-bad-request @@ -3512,7 +3709,7 @@ message: String; additional error message elaborating on what was bad about the @end quotation @node oauth2-conversion-failure,oauth2-provider-failure,oauth2-bad-request,Template Customization -@anchor{taler-exchange-manual oauth2-conversion-failure}@anchor{5f} +@anchor{taler-exchange-manual oauth2-conversion-failure}@anchor{65} @section oauth2-conversion-failure @@ -3549,7 +3746,7 @@ message: error message elaborating on the conversion failure @end quotation @node oauth2-provider-failure,persona-exchange-unauthorized,oauth2-conversion-failure,Template Customization -@anchor{taler-exchange-manual oauth2-provider-failure}@anchor{60} +@anchor{taler-exchange-manual oauth2-provider-failure}@anchor{66} @section oauth2-provider-failure @@ -3577,7 +3774,7 @@ message: String; could be NULL; text elaborating on the details of the failure @end quotation @node persona-exchange-unauthorized,persona-load-failure,oauth2-provider-failure,Template Customization -@anchor{taler-exchange-manual persona-exchange-unauthorized}@anchor{61} +@anchor{taler-exchange-manual persona-exchange-unauthorized}@anchor{67} @section persona-exchange-unauthorized @@ -3607,7 +3804,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-load-failure,persona-exchange-unpaid,persona-exchange-unauthorized,Template Customization -@anchor{taler-exchange-manual persona-load-failure}@anchor{62} +@anchor{taler-exchange-manual persona-load-failure}@anchor{68} @section persona-load-failure @@ -3637,7 +3834,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-exchange-unpaid,persona-logic-failure,persona-load-failure,Template Customization -@anchor{taler-exchange-manual persona-exchange-unpaid}@anchor{63} +@anchor{taler-exchange-manual persona-exchange-unpaid}@anchor{69} @section persona-exchange-unpaid @@ -3667,7 +3864,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-logic-failure,persona-invalid-response,persona-exchange-unpaid,Template Customization -@anchor{taler-exchange-manual persona-logic-failure}@anchor{64} +@anchor{taler-exchange-manual persona-logic-failure}@anchor{6a} @section persona-logic-failure @@ -3697,7 +3894,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-invalid-response,persona-network-timeout,persona-logic-failure,Template Customization -@anchor{taler-exchange-manual persona-invalid-response}@anchor{65} +@anchor{taler-exchange-manual persona-invalid-response}@anchor{6b} @section persona-invalid-response @@ -3728,7 +3925,7 @@ server_response: Object; could be NULL; this includes the (malformed) OAuth2 ser @end quotation @node persona-network-timeout,persona-kyc-failed,persona-invalid-response,Template Customization -@anchor{taler-exchange-manual persona-network-timeout}@anchor{66} +@anchor{taler-exchange-manual persona-network-timeout}@anchor{6c} @section persona-network-timeout @@ -3758,7 +3955,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-kyc-failed,persona-provider-failure,persona-network-timeout,Template Customization -@anchor{taler-exchange-manual persona-kyc-failed}@anchor{67} +@anchor{taler-exchange-manual persona-kyc-failed}@anchor{6d} @section persona-kyc-failed @@ -3783,7 +3980,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node persona-provider-failure,,persona-kyc-failed,Template Customization -@anchor{taler-exchange-manual persona-provider-failure}@anchor{68} +@anchor{taler-exchange-manual persona-provider-failure}@anchor{6e} @section persona-provider-failure @@ -3813,7 +4010,7 @@ persona_http_status: Integer; HTTP status code returned by Persona @end quotation @node Benchmarking,FIXMEs,Template Customization,Top -@anchor{taler-exchange-manual benchmarking}@anchor{69}@anchor{taler-exchange-manual exchangebenchmarking}@anchor{6a} +@anchor{taler-exchange-manual benchmarking}@anchor{6f}@anchor{taler-exchange-manual exchangebenchmarking}@anchor{70} @chapter Benchmarking @@ -3853,7 +4050,7 @@ some options that are determined at runtime by the setup logic provided by @end menu @node Choosing a bank,taler-bank-benchmark,,Benchmarking -@anchor{taler-exchange-manual benchmark-choose-bank}@anchor{6b}@anchor{taler-exchange-manual choosing-a-bank}@anchor{6c} +@anchor{taler-exchange-manual benchmark-choose-bank}@anchor{71}@anchor{taler-exchange-manual choosing-a-bank}@anchor{72} @section Choosing a bank @@ -3891,7 +4088,7 @@ $ taler-unified-setup.sh -emwt -c $CONF -ns -u exchange-account-2 @end example @node taler-bank-benchmark,taler-exchange-benchmark,Choosing a bank,Benchmarking -@anchor{taler-exchange-manual taler-bank-benchmark}@anchor{6d} +@anchor{taler-exchange-manual taler-bank-benchmark}@anchor{73} @section taler-bank-benchmark @@ -3918,7 +4115,7 @@ Exchange's account with the respective reserve public key as wire subject. Processing is then handled by `parallel' (@code{-P}) service workers. @node taler-exchange-benchmark,taler-aggregator-benchmark,taler-bank-benchmark,Benchmarking -@anchor{taler-exchange-manual taler-exchange-benchmark}@anchor{6e} +@anchor{taler-exchange-manual taler-exchange-benchmark}@anchor{74} @section taler-exchange-benchmark @@ -3956,7 +4153,7 @@ repetitions (i.e. if the operation failed the first time), total execution time (operating system and user space) and other details. @node taler-aggregator-benchmark,,taler-exchange-benchmark,Benchmarking -@anchor{taler-exchange-manual taler-aggregator-benchmark}@anchor{6f} +@anchor{taler-exchange-manual taler-aggregator-benchmark}@anchor{75} @section taler-aggregator-benchmark @@ -3979,7 +4176,7 @@ time a single aggregator process in @code{--test} mode (asking it to terminate as soon as there is no more pending work). @node FIXMEs,Index,Benchmarking,Top -@anchor{taler-exchange-manual fixmes}@anchor{70} +@anchor{taler-exchange-manual fixmes}@anchor{76} @chapter FIXMEs @@ -4002,6 +4199,12 @@ How to recover from that as a sysadmin when it happens in practice? @printindex ge +@anchor{taler-exchange-manual tsref-type-AmlOutcome}@w{ } +@anchor{4e}@w{ } +@anchor{taler-exchange-manual tsref-type-LegitimizationMeasures}@w{ } +@anchor{4d}@w{ } +@anchor{taler-exchange-manual tsref-type-AmlProgramInput}@w{ } +@anchor{5a}@w{ } @c %**end of body @bye diff --git a/texinfo/taler-merchant-api-tutorial-figures/arch-api.png b/texinfo/taler-merchant-api-tutorial-figures/arch-api.png Binary files differindex 9e593ab4..68e30822 100644 --- a/texinfo/taler-merchant-api-tutorial-figures/arch-api.png +++ b/texinfo/taler-merchant-api-tutorial-figures/arch-api.png diff --git a/texinfo/taler-merchant-api-tutorial.texi b/texinfo/taler-merchant-api-tutorial.texi index 28b57ecc..c79493cc 100644 --- a/texinfo/taler-merchant-api-tutorial.texi +++ b/texinfo/taler-merchant-api-tutorial.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -948,8 +948,8 @@ render fields that they do not understand as a key-value list. @printindex ge -@anchor{c}@w{ } @anchor{taler-merchant-api-tutorial The-Taler-Order-Format}@w{ } +@anchor{c}@w{ } @c %**end of body @bye diff --git a/texinfo/taler-merchant-figures/arch-api.png b/texinfo/taler-merchant-figures/arch-api.png Binary files differindex 9e593ab4..68e30822 100644 --- a/texinfo/taler-merchant-figures/arch-api.png +++ b/texinfo/taler-merchant-figures/arch-api.png diff --git a/texinfo/taler-merchant.texi b/texinfo/taler-merchant.texi index 8e7582b9..e41a2a17 100644 --- a/texinfo/taler-merchant.texi +++ b/texinfo/taler-merchant.texi @@ -19,7 +19,7 @@ @copying @quotation -GNU Taler 0.9.4, Apr 12, 2024 +GNU Taler 0.10.0, May 15, 2024 GNU Taler team @@ -679,7 +679,11 @@ For Ubuntu Mantic use this instead: deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ mantic taler-mantic @end example -The last line is crucial, as it adds the GNU Taler packages. +For Ubuntu Noble use this instead: + +@example +deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/ubuntu/ noble taler-noble +@end example Next, you must import the Taler Systems SA public package signing key into your keyring and update the package lists: @@ -984,16 +988,11 @@ variables that are unset, by using the following syntax: @code{$@{VAR:-default@}}. There are two ways a user can set the value of @code{$}-prefixable variables: -@quotation - @enumerate @item by defining them under a @code{[paths]} section: -@end enumerate - -@quotation @example [paths] @@ -1002,22 +1001,14 @@ TALER_DEPLOYMENT_SHARED = $@{HOME@}/shared-data [section-x] path-x = $@{TALER_DEPLOYMENT_SHARED@}/x @end example -@end quotation - - -@enumerate 2 @item or by setting them in the environment: -@end enumerate - -@quotation @example $ export VAR=/x @end example -@end quotation -@end quotation +@end enumerate The configuration loader will give precedence to variables set under @code{[path]} over environment variables. @@ -2088,7 +2079,7 @@ restart the service. The installation process will install various HTML templates to be served to trigger the wallet interaction. You may change those templates to your own -design. The templating language used is Mustach@footnote{https://gitlab.com/jbol/mustach}, and the templates are in the +design. The templating language used is C implementation of mustache@footnote{https://gitlab.com/jobol/mustach}, and the templates are in the @code{share/taler/merchant/templates/} directory. The file names must be of the form @code{$NAME.$LANG.must} where @code{$NAME} is the |