authorFlorian Dold <florian@dold.me>2021-07-16 17:16:38 +0200
committerFlorian Dold <florian@dold.me>2021-07-16 17:16:38 +0200
commit5597dc6f1e8d8b73f906365618ba3922f9dd7660 (patch)
tree0f8fa93ba389f87e88115e0c4c64a906c494988a /debian/taler-exchange.postinst
parent970c9eab865715b7f37d9e0a6b14e233fddcfa12 (diff)
downloadexchange-5597dc6f1e8d8b73f906365618ba3922f9dd7660.tar.gz
exchange-5597dc6f1e8d8b73f906365618ba3922f9dd7660.tar.bz2
exchange-5597dc6f1e8d8b73f906365618ba3922f9dd7660.zip
debian: new config file structure
Diffstat (limited to 'debian/taler-exchange.postinst')
-rw-r--r--debian/taler-exchange.postinst255
1 files changed, 130 insertions, 125 deletions
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 72f8f6c5d..e8ef11d69 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -2,106 +2,111 @@
set -e
-
. /usr/share/debconf/confmodule
+# usage: fixperm user:group perms file
+function fixperm() {
+ chown "$1" "$3"
+ chmod "$2" "$3"
+}
+
+# usage: lncfg user target
+function lncfg() {
+ mkdir ~$1/.config
+ chown $1:$1 ~$1/.config
+ ln -sf $1/.config/taler.conf $2
+}
+
case "${1}" in
- configure)
- db_version 2.0
-
- db_get taler-exchange/eusername
- _EUSERNAME="${RET:-taler-exchange-httpd}"
-
- db_get taler-exchange/rsecusername
- _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
-
- db_get taler-exchange/esecusername
- _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
-
- db_get taler-exchange/wireusername
- _WIREUSERNAME="${RET:-taler-exchange-wire}"
-
- db_get taler-exchange/aggrusername
- _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
-
- db_get taler-exchange/groupname
- _GROUPNAME="${RET:-taler-private}"
-
- db_get taler-exchange/dbgroupname
- _DBGROUPNAME="${RET:-taler-exchange-db}"
-
- db_stop
-
- CONFIG_FILE="/etc/default/taler-exchange"
- TALER_HOME="/var/lib/taler-exchange"
-
- # Creating taler groups as needed
- if ! getent group ${_GROUPNAME} > /dev/null
- then
- echo -n "Creating new Taler group ${_GROUPNAME}:"
- addgroup --quiet --system ${_GROUPNAME}
- echo " done."
- fi
- if ! getent group ${_DBGROUPNAME} > /dev/null
- then
- echo -n "Creating new Taler group ${_DBGROUPNAME}:"
- addgroup --quiet --system ${_DBGROUPNAME}
- echo " done."
- fi
-
- # Creating taler users if needed
- if ! getent passwd ${_EUSERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_EUSERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
- adduser ${_EUSERNAME} ${_DBGROUPNAME}
- echo " done."
- fi
- if ! getent passwd ${_RSECUSERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_RSECUSERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
- echo " done."
- fi
- if ! getent passwd ${_ESECUSERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_ESECUSERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
- echo " done."
- fi
- if ! getent passwd ${_WIREUSERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_WIREUSERNAME}:"
- adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
- adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
- echo " done."
- fi
- if ! getent passwd ${_AGGRUSERNAME} > /dev/null
- then
- echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
- adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
- adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
- echo " done."
- fi
-
- # Writing new values to configuration file
- echo -n "Writing new configuration file:"
- CONFIG_NEW=$(tempfile)
-
-cat > "${CONFIG_NEW}" <<EOF
+configure)
+ db_version 2.0
+
+ db_get taler-exchange/eusername
+ _EUSERNAME="${RET:-taler-exchange-httpd}"
+
+ db_get taler-exchange/rsecusername
+ _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
+
+ db_get taler-exchange/esecusername
+ _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
+
+ db_get taler-exchange/wireusername
+ _WIREUSERNAME="${RET:-taler-exchange-wire}"
+
+ db_get taler-exchange/aggrusername
+ _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
+
+ db_get taler-exchange/groupname
+ _GROUPNAME="${RET:-taler-private}"
+
+ db_get taler-exchange/dbgroupname
+ _DBGROUPNAME="${RET:-taler-exchange-db}"
+
+ db_stop
+
+ CONFIG_FILE="/etc/default/taler-exchange"
+ TALER_HOME="/var/lib/taler-exchange"
+
+ # Creating taler groups as needed
+ if ! getent group ${_GROUPNAME} >/dev/null; then
+ echo -n "Creating new Taler group ${_GROUPNAME}:"
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ if ! getent group ${_DBGROUPNAME} >/dev/null; then
+ echo -n "Creating new Taler group ${_DBGROUPNAME}:"
+ addgroup --quiet --system ${_DBGROUPNAME}
+ echo " done."
+ fi
+
+ # Creating taler users if needed
+ if ! getent passwd ${_EUSERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_EUSERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
+ adduser ${_EUSERNAME} ${_DBGROUPNAME}
+ echo " done."
+ fi
+ if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_RSECUSERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
+ echo " done."
+ fi
+ if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_ESECUSERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
+ echo " done."
+ fi
+ if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_WIREUSERNAME}:"
+ adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
+ adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
+ echo " done."
+ fi
+ if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
+ echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
+ adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
+ adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
+ echo " done."
+ fi
+
+ # Writing new values to configuration file
+ echo -n "Writing new configuration file:"
+ CONFIG_NEW=$(tempfile)
+
+ cat >"${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
TALER_EUSER=${_EUSERNAME}
-TALER_RSECUSER=${_RESCUSERNAME}
+TALER_RSECUSER=${_RSECUSERNAME}
TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF
-cat > "/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
[Unit]
Description=Taler Exchange Socket
PartOf=taler-exchange-httpd.service
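Review bot: `lncfg` (added at the top of this hunk and called five times in the last hunk) cannot work as written. `~$1` is never tilde-expanded, because the shell performs tilde expansion before parameter expansion, so `mkdir` targets a literal `~<user>` path relative to the current directory, and without `-p` it aborts the script under `set -e`, on the first run and on any re-run. `chown $1:$1` assumes a group named after the user, which none of the `adduser --system` calls in this hunk create. Most importantly, `ln -sf $1/.config/taler.conf $2` has the link source and link name swapped relative to what the usage comment suggests: it replaces the root-owned file under /etc/taler with a relative symlink, where presumably the per-user `taler.conf` should point at the system file. A quoted version that resolves the home directory from the passwd database follows; whether `function name()` is acceptable depends on the shebang, which is outside the hunk.

```shell
# usage: lncfg user target
# Makes ~user/.config/taler.conf a symlink to the root-owned target.
lncfg() {
  _lncfg_home=$(getent passwd "$1" | cut -d: -f6)
  [ -n "${_lncfg_home}" ] || return 1
  mkdir -p "${_lncfg_home}/.config"
  # "user:" sets the group to the user's login group
  chown "$1:" "${_lncfg_home}/.config"
  ln -sf "$2" "${_lncfg_home}/.config/taler.conf"
}
```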
@@ -118,7 +123,7 @@ SocketMode=0660
WantedBy=sockets.target
EOF
-cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
AssertPathExists=/var/lib/taler-exchange/
@@ -131,7 +136,7 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
@@ -140,7 +145,7 @@ ProtectSystem=full
WantedBy=multi-user.target
EOF
-cat > "/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange RSA security module
@@ -149,13 +154,13 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF
-cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange EdDSA security module
@@ -164,13 +169,13 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
EOF
-cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
@@ -180,14 +185,14 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF
-cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target
@@ -197,13 +202,13 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
EOF
-cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
+ cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange aggregator service
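Review bot: The rewritten `ExecStart` in this hunk belongs to taler-exchange-transfer.service (its heredoc opens at the end of the previous hunk) but still launches `/usr/bin/taler-exchange-wirewatch`. This looks like a copy-paste carried over from the old line, so enabling the transfer unit would start a second wirewatch process and no transfer process, and outgoing wire transfers would not be executed. If the package ships a separate transfer binary, the line should read `ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/exchange-service-wire.conf`.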
@@ -212,7 +217,7 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
@@ -220,42 +225,42 @@ ProtectSystem=full
EOF
- cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
- rm -f "${CONFIG_NEW}"
- echo " done."
+ cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+ rm -f "${CONFIG_NEW}"
+ echo " done."
- echo -n "Setting up system services "
+ echo -n "Setting up system services "
- mkdir -p /var/lib/taler-exchange/tmp
- chown root:${_GROUPNAME} /var/lib/taler-exchange/tmp
- chmod 770 /var/lib/taler-exchange/tmp
- chmod +s /var/lib/taler-exchange/tmp
+ mkdir -p /var/lib/taler-exchange/tmp
+ chown root:${_GROUPNAME} /var/lib/taler-exchange/tmp
+ chmod 770 /var/lib/taler-exchange/tmp
+ chmod +s /var/lib/taler-exchange/tmp
- chown root:${_GROUPNAME} /etc/taler-secmod.conf
- chmod 640 /etc/taler-secmod.conf
- chown ${_WIREUSERNAME}:root /etc/taler-wire.conf
- chmod 460 /etc/taler-wire.conf
- chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf
- chmod 640 /etc/taler-exchange-db.conf
- chown ${_EUSERNAME}:${_GROUPNAME} /etc/taler-exchange.conf
- chmod 460 /etc/taler-wire.conf
+ fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
+ fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
- systemctl daemon-reload >/dev/null 2>&1 || true
+ systemctl daemon-reload >/dev/null 2>&1 || true
+ echo "done."
- echo "done."
+ echo -n "Linking config files"
+ lncfg ${_EUSERNAME} /etc/taler/exchange-service-default.conf
+ lncfg ${_RSECUSERNAME} /etc/taler/exchange-service-default.conf
+ lncfg ${_ESECUSERNAME} /etc/taler/exchange-service-default.conf
+ lncfg ${_AGGRUSERNAME} /etc/taler/exchange-service-default.conf
+ lncfg ${_WIREUSERNAME} /etc/taler/exchange-service-wire.conf
+ echo " done"
- # Cleaning
- echo "All done."
- ;;
+ # Cleaning
+ echo "All done."
+ ;;
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
+abort-upgrade | abort-remove | abort-deconfigure) ;;
- *)
- echo "postinst called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#
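Review bot: `fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf` leaves the file owned by the service account, so the read-only owner bit is not an effective control: the owner can simply `chmod` the file writable again. If the intent is that the wire services can read this file (presumably holding wire gateway credentials) but not alter it, a root-owned file readable through a group the wire user belongs to, as done for exchange-db.conf on the next line, would enforce that. The arguments to `fixperm` and `lncfg` are also unquoted debconf values; quoting them (`"${_WIREUSERNAME}:root"`) avoids word splitting or globbing if an answer contains unexpected characters. The old block's explicit ownership and mode for the secmod and httpd configuration is dropped with no replacement for /etc/taler/exchange-service-default.conf, so it is worth confirming that the packaged default mode of that file is what the security modules require.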