From 3a62b34ff8ff6e6d008c687386214d46b589c61c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 26 Dec 2023 02:23:45 +0800 Subject: remove dangerous taler-config incantations from manual (fixes #7896) --- taler-auditor-manual.rst | 45 +++++++++++++++---------- taler-developer-manual.rst | 84 ++++------------------------------------------ taler-merchant-manual.rst | 7 ++-- 3 files changed, 38 insertions(+), 98 deletions(-) diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst index feaf7783..680dd02c 100644 --- a/taler-auditor-manual.rst +++ b/taler-auditor-manual.rst @@ -309,9 +309,6 @@ This section discusses configuration options related to the auditor. .. include:: frags/configuration-format.rst -.. include:: frags/using-taler-config.rst - - .. _SetupBaseUrl: Initial configuration @@ -320,10 +317,11 @@ Initial configuration You need to tell the Taler auditor configuration where the REST API of the auditor will be available to the public: -.. code-block:: console +.. code-block:: ini # Both for the 'offline' *and* the 'auditor' user: - $ taler-config -s auditor -o BASE_URL -V https://auditor.example.com/ + [auditor] + BASE_URL = https://auditor.example.com/ The ``helper`` user that is used to download information from the exchange needs to know details about the exchange. Similarly, the ``offline`` user @@ -332,11 +330,12 @@ need to obtain the ``MASTER_PUBLIC_KEY`` from the exchange operator (they need to run ``taler-exchange-offline setup``) and the REST endpoint of the exchange and configure these: -.. code-block:: console +.. code-block:: ini # As the 'helper' and 'offline' users: - $ taler-config -s exchange -o BASE_URL -V https://exchange.example.com/ - $ taler-config -s exchange -o MASTER_PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE + [exchange] + BASE_URL = https://exchange.example.com/ + MASTER_PUBLIC_KEY = $SOMELONGBASE32VALUEHERE .. _AuditorKeys: @@ -372,10 +371,11 @@ of the ``auditor`` user in the ``[auditor]]`` configuration section: You can set this configuration value using: -.. code-block:: console +.. code-block:: ini # As the 'auditor' and 'helper' users: - $ taler-config -s auditor -o PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE + [auditor] + PUBLIC_KEY = $SOMELONGBASE32VALUEHERE .. _AuditorServing: @@ -658,11 +658,16 @@ PostgreSQL configuration: Next, the ``postgres`` user of the auditor's system must first initialize the local tables: -.. code-block:: console +.. code-block:: ini + # Configure database: + [exchange] + DB = "postgres" + [exchangedb-postgres] + CONFIG = "postgres:///taler-ingress" + +.. code-block:: console # As the 'ingress' user of the exchange: - $ taler-config -s exchange -o DB -V "postgres" - $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress" $ taler-exchange-dbinit To complete the replication, the ``postgres`` user of the auditor's @@ -722,11 +727,17 @@ needs to be changed. To run ``taler-auditor-sync``, you must first configure two configuration files that identify the source and destination databases: -.. code-block:: console +.. code-block:: ini - # As the 'sync' user: - $ taler-config -c src.conf -s exchangedb -o CONFIG -V "postgres:///auditor-ingres/" - $ taler-config -c dst.conf -s exchangedb -o CONFIG -V "postgres:///auditor/" + # src.conf + [exchangedb] + CONFIG = "postgres:///auditor-ingres/" + +.. code-block:: ini + + # dst.conf + [exchangedb] + CONFIG = "postgres:///auditor/" Now you should be able to launch the synchronization process. You can run the process via systemd in the background. For a first one-off test, you should diff --git a/taler-developer-manual.rst b/taler-developer-manual.rst index 1d35e1e0..ee7d93c3 100644 --- a/taler-developer-manual.rst +++ b/taler-developer-manual.rst @@ -1829,84 +1829,12 @@ This section describes various internal programs to make life easier for the developer. -taler-config-generate ---------------------- - -**taler-config-generate** - tool to simplify Taler configuration generation - - -**taler-config-generate** -[**-C** *CURRENCY* | **--currency=**\ ‌\ *CURRENCY*] -[**-c** *FILENAME* | **--config=**\ ‌\ *FILENAME*] -[**-e** | **--exchange**] -[**-f** *AMOUNT* | *--wirefee=*\ ‌\ *AMOUNT*] -[**-h** | **--help**] -[**-J** *JSON* | **--wire-json-exchange=**\ ‌\ *JSON*] -[**-j** *JSON* | **--wire-json-merchant=**\ ‌\ *JSON*] -[**-L** *LOGLEVEL* | **--loglevel=**\ ‌\ *LOGLEVEL*] -[**-m** | **--merchant**] -[**-t** | **--trusted**] -[**-v** | **--version**] -[**-w** *WIREFORMAT* | **--wire** *WIREFORMAT*] -[**--bank-uri**] -[**--exchange-bank-account**] -[**--merchant-bank-account**] - - -**taler-config-generate** can be used to generate configuration files -for the Taler exchange or Taler merchants. - -**-C** *CURRENCY* \| **--currency=**\ ‌\ *CURRENCY* - Which currency should we use in the configuration. - -**-c** *FILENAME* \| **--config=**\ ‌\ *FILENAME* - Location where to write the generated configuration. Existing file - will be updated, not overwritten. - -**-e** \| **--exchange** - Generate configuration for a Taler exchange. - -**-f** *AMOUNT* \| *-wirefee=*\ ‌\ *AMOUNT* - Setup wire transfer fees for the next 5 years for the exchange (for - all wire methods). - -**-h** \| **--help** - Shows this man page. - -**-J** *JSON* \| **--wire-json-exchange=**\ ‌\ *JSON* - Wire configuration to use for the exchange. - -**-j** *JSON* \| **--wire-json-merchant=**\ ‌\ *JSON* - Wire configuration to use for the merchant. - -**-L** *LOGLEVEL* \| **--loglevel=**\ ‌\ *LOGLEVEL* - Use LOGLEVEL for logging. Valid values are DEBUG, INFO, WARNING and - ERROR. - -**-m** \| **--merchant** - Generate configuration for a Taler merchant. - -**-t** \| **--trusted** - Setup current exchange as trusted with current merchant. Generally - only useful when configuring for testcases. - -**-v** \| **--version** - Print version information. - -**-w** *WIREFORMAT* \| **--wire** *WIREFORMAT* - Specifies which wire format to use (i.e. “x-talerbank” or “iban”) +taler-harness +------------- -**--bank-uri** - Alternative to specify wire configuration to use for the exchange and - merchant for the “test” wire method. Only useful if WIREFORMAT was - set to “test”. Specifies the URI of the bank. +**taler-harness deployment gen-coin-config** is a tool to simplify Taler configuration generation. -**--exchange-bank-account** - Alternative to specify wire configuration to use for the exchange for - the “test” wire method. Only useful if WIREFORMAT was set to “test”. - Specifies the bank account number of the exchange. -**--merchant-bank-account** - Alternative to specify wire configuration to use for the merchant for - the “test” wire method. Only useful if WIREFORMAT was set to “test”. - Specifies the bank account number of the merchant. +**taler-harness deployment gen-coin-config** +[**-min-amount**=**\ ‌\ *VALUE*] +[**-max-amount**=**\ ‌\ *VALUE*] diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst index 4d3ae4ee..4959dd48 100644 --- a/taler-merchant-manual.rst +++ b/taler-merchant-manual.rst @@ -879,10 +879,11 @@ Using UNIX domain sockets To ensure that the merchant backend is not exposed directly to the network, you *should* bind the backend to a UNIX domain socket: -.. code-block:: console +.. code-block:: ini - $ taler-config -s MERCHANT -o SERVE -V unix - $ taler-config -s MERCHANT -o UNIXPATH -V "/some/path/here.sock" + [MERCHANT] + SERVE = unix + UNIXPATH = "/some/path/here.sock" Do not use a UNIX domain socket path in "/tmp": systemd (or other init systems) may give Web servers a private "/tmp" thereby hiding UNIX domain -- cgit v1.2.3