Diffstat (limited to 'debian')
42 files changed, 654 insertions, 110 deletions
diff --git a/debian/changelog b/debian/changelog index 8dcaf12d4..8d9f58db1 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,170 @@ +taler-exchange (0.11.2) unstable; urgency=low + + * Bump version. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 5 Jun 2024 21:50:12 +0200 + +taler-exchange (0.11.1) unstable; urgency=low + + * Fixed issues with restarts in service files. + * Fixed minor translation issues. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 21 May 2024 14:50:12 +0200 + +taler-exchange (0.11.0) unstable; urgency=low + + * Releasing 0.11.0 with updated terms of service draft. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 15 May 2024 17:50:12 +0200 + +taler-exchange (0.10.2) unstable; urgency=low + + * Updated man pages and other resources for release. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 12 Apr 2024 09:50:12 +0200 + +taler-exchange (0.10.1) unstable; urgency=low + + * Fixed crash in OTP calculation logic if required amount was not + provided. + * Fixed HTTP headers for /terms, /config and /keys responses + (remove last-modified-since distinguisher, remove duplicate headers) + * Improved systemd files (new offline timer job, exchange slice) + * Implement exchange protocol v19 (include refunds in transaction + aggregation data, expose wire account priorities) + * Update mustach to latest version + + -- Christian Grothoff <grothoff@gnu.org> Tue, 9 Apr 2024 09:50:12 +0200 + +taler-exchange (0.10.0) unstable; urgency=low + + * Fixed major issue where uploading wire data to an + exchange twice would result in broken signatures and + a permanently non-working account. + * Implemented #8000, allowing an exchange to express + preferences over the different bank accounts so that + users are shown the best choices to withdraw from first. + * This version requires a more recent GNUnet (>= 0.21.1). + + -- Christian Grothoff <grothoff@gnu.org> Sat, 9 Mar 2024 21:50:12 +0200 + +taler-exchange (0.9.4-2) unstable; urgency=low + + * Created new taler-terms-generator package + * v0.9.4a bugfix release. 
+ + -- Christian Grothoff <grothoff@gnu.org> Mon, 3 Mar 2024 21:50:12 +0200 + +taler-exchange (0.9.4-1) unstable; urgency=low + + * Actual v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 10 Feb 2024 03:50:12 +0200 + +taler-exchange (0.9.4) unstable; urgency=low + + * Preparations for v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sun, 21 Jan 2024 03:50:12 +0200 + +taler-exchange (0.9.3-7) unstable; urgency=low + + * Move currencies.conf into libtalerexchange base package. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 15 Dec 2023 18:50:12 -0700 + +taler-exchange (0.9.3-6) unstable; urgency=low + + * Generate proper markdown in taler-terms-generator. + * Return language code for legal terms. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 13 Dec 2023 18:50:12 -0700 + +taler-exchange (0.9.3-5) unstable; urgency=low + + * More fixes to the database setup automation scripts. + * Implement latest /config API in fakebank. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Dec 2023 00:50:12 -0800 + +taler-exchange (0.9.3-4) unstable; urgency=low + + * Minor hot-fixes to the database setup automation script. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 1 Dec 2023 10:50:12 -0800 + +taler-exchange (0.9.3-3) unstable; urgency=low + + * This packages the v0.9.3b bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200 + +taler-exchange (0.9.3-2) unstable; urgency=low + + * This packages the v0.9.3a bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200 + +taler-exchange (0.9.3-1) unstable; urgency=low + + * Actual v0.9.3 release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 27 Sep 2023 03:50:12 +0200 + +taler-exchange (0.9.3) unstable; urgency=low + + * First work towards packaging v0.9.3. 
+ + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Sep 2023 23:50:12 +0200 + +taler-exchange (0.9.2-3) unstable; urgency=low + + * Improvements to timeout handling when DB is not available yet. + + -- Florian Dold <dold@taler.net> Tue, 14 Mar 2023 12:30:15 +0100 + +taler-exchange (0.9.2-2) unstable; urgency=low + + * Further improvements to Debian package. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200 + +taler-exchange (0.9.2-1) unstable; urgency=low + + * Minor improvements to Debian package, also adds age-withdraw REST APIs. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200 + +taler-exchange (0.9.2) unstable; urgency=low + + * Packaging latest release. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 21 Feb 2023 13:50:12 +0200 + +taler-exchange (0.9.1) unstable; urgency=low + + * Packaging latest release. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 17 Jan 2023 11:50:12 +0200 + +taler-exchange (0.9.0) unstable; urgency=low + + * Packaging latest release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 5 Nov 2022 11:50:12 +0200 + +taler-exchange (0.8.99-2) unstable; urgency=low + + * Packaging latest pre-release from Git. + + -- Christian Grothoff <grothoff@gnu.org> Mon, 26 Sep 2022 09:50:12 +0200 + +taler-exchange (0.8.99-1) unstable; urgency=low + + * Updating to latest pre-release from Git. + + -- Christian Grothoff <grothoff@taler.net> Mon, 20 Jun 2022 13:12:58 +0200 + taler-exchange (0.8.5-3) unstable; urgency=low * Updating to latest Git with minor bugfixes and improvements. diff --git a/debian/control b/debian/control index 894a1dd37..52ab79c5f 100644 --- a/debian/control +++ b/debian/control 
@@ -7,29 +7,23 @@ Build-Depends: automake (>=1.11.1), autopoint, bash, + gcc-12, debhelper-compat (= 12), gettext, - libgnunet-dev (>=0.15.3), + libgnunet-dev (>=0.21), libcurl4-gnutls-dev (>=7.35.0) | libcurl4-openssl-dev (>= 7.35.0), - libgcrypt20-dev (>=1.6), + libgcrypt20-dev (>=1.8), libgnutls28-dev (>=3.2.12), libidn2-dev, - libjansson-dev, + libjansson-dev (>= 2.13), libltdl-dev (>=2.2), - libmicrohttpd-dev (>=0.9.63), - libpq-dev (>=9.5), + libmicrohttpd-dev (>=0.9.71), + libpq-dev (>=15), libsodium-dev (>=1.0.11), - libsqlite3-dev (>=3.8), libunistring-dev (>=0.9.2), - python3-jinja2, - net-tools, po-debconf, - python3-dev, texinfo (>=5.2), zlib1g-dev -Build-Conflicts: - autoconf2.13, - automake1.4 Standards-Version: 4.5.0 Vcs-Git: https://salsa.debian.org/debian/taler-exchange.git Vcs-browser: https://salsa.debian.org/debian/taler-exchange @@ -44,7 +38,26 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: libraries to talk to a GNU Taler exchange +Description: Libraries to talk to a GNU Taler exchange. + The package also contains various files fundamental + to all GNU Taler installations, such as the + taler-config configuration command-line tool, + various base configuration files and associated + documentation. + +Package: taler-terms-generator +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + lsb-base, + pandoc, + groff, + ghostscript, + ${misc:Depends} +Description: Tool to generate the terms of service + and privacy policy for various languages and data + formats. Useful for various GNU Taler components. Package: taler-exchange-database Architecture: any 
@@ -55,7 +68,10 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: programs and libraries to manage a GNU Taler exchange database +Description: Programs and libraries to manage a GNU Taler exchange database. + This package contains only the code to setup the + (Postgresql) database interaction (taler-exchange-dbinit + and associated resource files). Package: taler-exchange Architecture: any @@ -68,12 +84,29 @@ Depends: lsb-base, netbase, ucf, - dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}, ${shlibs:Depends} Recommends: - taler-exchange-offline (= ${binary:Version}) -Description: GNU's payment system operator + taler-exchange-offline (= ${binary:Version}), + taler-terms-generator, + apache2 | nginx | httpd, + postgresql (>=15.0) +Description: GNU's payment system operator. + GNU Taler is the privacy-preserving digital payment + system from the GNU project. This package contains the + core logic that must be run by the payment service + provider or bank to offer payments to consumers and + merchants. At least one exchange must be operated + per currency. + In addition to the core logic, an exchange operator + must also have a system running the "offline" logic + which is packaged as taler-exchange-offline. It is + recommended to keep the "offline" logic on a system + that is never connected to the Internet. However, it + is also possible to run the "offline" logic directly + on the production system, especially for testing. + Finally, an exchange operator should also be prepared + to run a taler-auditor. Package: taler-exchange-offline Architecture: any 
@@ -86,7 +119,14 @@ Depends: netbase, ${misc:Depends}, ${shlibs:Depends} -Description: tools for managing the GNU Taler exchange offline keys +Description: Tools for managing the GNU Taler exchange offline keys. + A GNU Taler exchange uses an offline key to sign its online + keys, fee structure, bank routing information and other meta + data. The offline signing key is the root of the Taler PKI + that is then embedded in consumer wallets and merchant backends. + This package includes the tool to download material to sign + from the exchange, create signatures, and upload the resulting + signatures to the exchange. Package: taler-auditor Architecture: any @@ -98,20 +138,26 @@ Depends: adduser, lsb-base, netbase, - dbconfig-pgsql | dbconfig-no-thanks, - python3-jinja2, ${misc:Depends}, ${shlibs:Depends} -Description: GNU's payment system auditor +Description: GNU's payment system auditor. + GNU Taler is the privacy-preserving digital payment + system from the GNU project. This package contains the + auditor logic. It verifies that the taler-exchange run + by a payment service provider is correctly performing + its bank transactions and thus has the correct balance + in its escrow account. Each exchange operator is + expected to make use of one or more auditors as part + of its regulatory compliance. Package: libtalerexchange-dev Section: libdevel Architecture: any Depends: libtalerexchange (= ${binary:Version}), - libgnunet-dev (>=0.15.3), - libgcrypt20-dev (>=1.6), - libmicrohttpd-dev (>=0.9.33), + libgnunet-dev (>=0.21), + libgcrypt20-dev (>=1.8), + libmicrohttpd-dev (>=0.9.71), ${misc:Depends}, ${shlibs:Depends} Description: libraries to talk to a GNU Taler exchange (development) diff --git a/debian/etc-libtalerexchange/taler/taler.conf b/debian/etc-libtalerexchange/taler/taler.conf index 71663be5e..2cf815656 100644 --- a/debian/etc-libtalerexchange/taler/taler.conf +++ b/debian/etc-libtalerexchange/taler/taler.conf 
@@ -30,14 +30,16 @@ # systems is always rounded to this unit. #currency_round_unit = KUDOS:0.01 +# Monthly amount that mandatorily triggers an AML check +#AML_THRESHOLD = KUDOS:10000000 [paths] -TALER_HOME = /var/lib/taler -TALER_RUNTIME_DIR = /run/taler -TALER_CACHE_HOME = /var/cache/taler -TALER_CONFIG_HOME = /etc/taler -TALER_DATA_HOME = /var/lib/taler +TALER_HOME = /var/lib/taler/ +TALER_RUNTIME_DIR = /run/taler/ +TALER_CACHE_HOME = /var/cache/taler/ +TALER_CONFIG_HOME = /etc/taler/ +TALER_DATA_HOME = /var/lib/taler/ # Inline configurations from all Taler components. diff --git a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor index 3fdffdad3..f74035d53 100644 --- a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor +++ b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor @@ -1,7 +1,18 @@ -location /taler-auditor/ { - proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; +server { + + listen 80; + listen [::]:80; + + server_name localhost; + + access_log /var/log/nginx/auditor.log; + error_log /var/log/nginx/auditor.err; + + location /taler-auditor/ { + proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "localhost"; + #proxy_set_header X-Forwarded-Proto "https"; + } }
\ No newline at end of file diff --git a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf index b81bb817f..1278a563b 100644 --- a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf +++ b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf @@ -4,7 +4,7 @@ # Typically, there should only be a single line here, of the form: -CONFIG=postgres:///DATABASE +CONFIG=postgres:///taler-auditor # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange index 13ab88633..9b61a32df 100644 --- a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange +++ b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange @@ -2,13 +2,16 @@ server { listen 80; listen [::]:80; - #server_name example.com; + server_name localhost; + + access_log /var/log/nginx/exchange.log; + error_log /var/log/nginx/exchange.err; location /taler-exchange/ { proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/; proxy_redirect off; proxy_set_header Host $host; - #proxy_set_header X-Forwarded-Host "example.com"; + proxy_set_header X-Forwarded-Host "localhost"; #proxy_set_header X-Forwarded-Proto "https"; } } diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf index 554852a14..d5938f2b1 100644 --- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf +++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf 
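Review bot: The new `server` block in sites-available/taler-auditor listens on port 80 only and keeps `proxy_set_header X-Forwarded-Proto "https";` commented out, so a site enabled as shipped serves the auditor API in cleartext, and nothing in the file tells the operator that TLS still has to be added. `X-Forwarded-Host "localhost"` is now a live value as well, so an operator who changes only `server_name` keeps forwarding `localhost` to the backend. A comment above `listen 80;` would cover both, for example `# Template for local testing: add a TLS listener, set server_name and X-Forwarded-Host to the public name, and enable X-Forwarded-Proto before exposing this site.` The same applies to the taler-exchange site changed in the next nginx hunk.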
@@ -6,11 +6,19 @@ # which you can get using `taler-exchange-offline setup`. # This is just an example, your key will be different! # MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG -MASTER_PUBLIC_KEY = +# MASTER_PUBLIC_KEY = # Publicly visible base URL of the exchange. # BASE_URL = https://example.com/ -BASE_URL = +# BASE_URL = + +# Here you MUST configure the amount above which transactions are +# always subject to manual AML review. +# AML_THRESHOLD = + +# Attribute encryption key for storing attributes encrypted +# in the database. Should be a high-entropy nonce. +ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE # For your terms of service and privacy policy, you should specify # an Etag that must be updated whenever there are significant @@ -20,18 +28,23 @@ BASE_URL = # TERMS_ETAG = # PRIVACY_ETAG = +SERVE = unix +UNIXPATH_MODE = 666 # Bank accounts used by the exchange should be specified here: [exchange-account-1] -enable_credit = yes -enable_debit = yes +ENABLE_CREDIT = NO +ENABLE_DEBIT = NO # Account identifier in the form of an RFC-8905 payto:// URI. # For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME # Make sure to URL-encode spaces in $NAME! -payto_uri = +PAYTO_URI = # Credentials to access the account are in a separate # config file with restricted permissions. -@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials.secret.conf +@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf + + + diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf index 75c670f71..4ad7e06f6 100644 --- a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf +++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf @@ -8,3 +8,6 @@ # Only supported database is Postgres right now. DATABASE = postgres + + + 
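Review bot: `ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE` ships a live value that is identical on every installation, unlike `MASTER_PUBLIC_KEY`, `BASE_URL` and `AML_THRESHOLD` in the same hunk, which are commented out. If the operator overlooks it and the exchange accepts the string as given (not visible here), stored attributes end up encrypted under a publicly known key. Leaving the option commented out would turn a missing key into a configuration error instead. The key would also sit better in a file under `../secrets/` pulled in with `@inline-secret@`, as the account credentials in this file already are, than in conf.d.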
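Review bot: `UNIXPATH_MODE = 666` in the second exchange-business.conf hunk makes the exchange's listening socket writable by every local account, so unless the socket's parent directory restricts access (not visible here), any process on the host can reach exchange-httpd directly and bypass the reverse proxy with its access log. A narrower default would be `UNIXPATH_MODE = 660`, with the web server's user added to the socket's group by the packaging. If 666 is kept for convenience, a comment next to it should say that it is meant for single-purpose hosts.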
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf index 8c8d14320..8c8d14320 100644 --- a/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf +++ b/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf index 596dcc92b..08c20074c 100644 --- a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf +++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf @@ -4,7 +4,7 @@ # Typically, there should only be a single line here, of the form: -CONFIG=postgres:///DATABASE +CONFIG=postgres:///taler-exchange # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/libtalerexchange-dev.install b/debian/libtalerexchange-dev.install index e21973509..aa1de818a 100644 --- a/debian/libtalerexchange-dev.install +++ b/debian/libtalerexchange-dev.install @@ -1,13 +1,20 @@ # Benchmarks, only install them for the dev package. usr/bin/taler-aggregator-benchmark +usr/bin/taler-bank-benchmark usr/bin/taler-exchange-benchmark +usr/bin/taler-exchange-kyc-tester usr/bin/taler-fakebank-run -usr/bin/taler-bank-benchmark +usr/bin/taler-unified-setup.sh +usr/bin/taler-exchange-kyc-oauth2-test-converter.sh + +# Man pages +usr/share/man/man1/taler-aggregator-benchmark* +usr/share/man/man1/taler-bank-benchmark* +usr/share/man/man1/taler-exchange-kyc-tester* +usr/share/man/man1/taler-exchange-benchmark* +usr/share/man/man1/taler-fakebank-run* +usr/share/man/man1/taler-unified-setup* -# Only used in test cases. Maybe these -# shouldn't even be installed? -usr/bin/taler-nexus-prepare -usr/bin/taler-bank-manage-testing # Headers usr/include/taler/* 
@@ -22,5 +29,4 @@ usr/lib/*/libtalertesting.so usr/lib/*/libtalerfakebank.so # Documentation -usr/share/man/man1/taler-exchange-benchmark* usr/share/info/taler-developer-manual* diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install index 35961e827..f3c52ba8d 100644 --- a/debian/libtalerexchange.install +++ b/debian/libtalerexchange.install @@ -2,6 +2,7 @@ usr/lib/*/libtaler*.so.* # FIXME: All this should eventually go into taler-base. usr/share/taler/config.d/paths.conf +usr/share/taler/config.d/currencies.conf usr/share/taler/config.d/taler.conf debian/etc-libtalerexchange/* etc/ usr/bin/taler-config diff --git a/debian/libtalerexchange.postinst b/debian/libtalerexchange.postinst new file mode 100644 index 000000000..40b4be061 --- /dev/null +++ b/debian/libtalerexchange.postinst @@ -0,0 +1,28 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +case "${1}" in +configure) + + if ! dpkg-statoverride --list /etc/taler/taler.conf >/dev/null 2>&1; then + dpkg-statoverride --add --update \ + root root 644 \ + /etc/taler/taler.conf + fi + + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; + +*) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/rules b/debian/rules index 13d556472..3d8809c50 100755 --- a/debian/rules +++ b/debian/rules @@ -7,6 +7,9 @@ include /usr/share/dpkg/architecture.mk %: dh ${@} +override_dh_builddeb: + dh_builddeb -- -Zgzip + override_dh_auto_configure-arch: dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure) 
@@ -33,15 +36,20 @@ override_dh_auto_clean: override_dh_installsystemd: # Need to specify units manually, since we have multiple # and dh_installsystemd by default only looks for "<package>.service". - dh_installsystemd -ptaler-exchange --name=taler-exchange-httpd --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-eddsa --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-rsa --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable - dh_installsystemd -ptaler-auditor --name=taler-auditor-httpd --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange --no-start --no-enable + dh_installsystemd -ptaler-exchange --name=taler-exchange-httpd --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-expire --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-cs --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-eddsa --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-rsa --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable 
--no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-auditor --name=taler-auditor-httpd --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-auditor --name=taler-helper-auditor-deposits --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange-offline --name=taler-exchange-offline --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange-offline --name=taler-exchange-offline.timer --no-start --no-enable --no-stop-on-upgrade # final invocation to generate daemon reload dh_installsystemd diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install index 0d7d941a0..4f3d5a1b2 100644 --- a/debian/taler-auditor.install +++ b/debian/taler-auditor.install @@ -1,16 +1,20 @@ usr/bin/taler-auditor +usr/bin/taler-auditor-dbconfig usr/bin/taler-auditor-dbinit -usr/bin/taler-auditor-exchange usr/bin/taler-auditor-httpd usr/bin/taler-auditor-offline usr/bin/taler-auditor-sync usr/bin/taler-helper-auditor-* + usr/lib/*/taler/libtaler_plugin_auditor*.so usr/lib/*/libauditor* usr/lib/*/libtalerauditordb* + usr/share/man/man1/taler-auditor* usr/share/man/man1/taler-helper-auditor* + usr/share/info/taler-auditor* + usr/share/taler/config.d/auditor* usr/share/taler/sql/auditor/* diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst index 4e89be226..847e4aac1 100644 --- a/debian/taler-auditor.postinst +++ b/debian/taler-auditor.postinst 
@@ -20,9 +20,10 @@ configure) adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME} fi - if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1; then + if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1 + then dpkg-statoverride --add --update \ - ${_USERNAME} ${_GROUPNAME} 660 \ + ${_USERNAME} ${_GROUPNAME} 640 \ /etc/taler/secrets/auditor-db.secret.conf fi diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm index 752510e63..639e3241e 100644 --- a/debian/taler-auditor.postrm +++ b/debian/taler-auditor.postrm @@ -6,9 +6,16 @@ if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi +_USERNAME=taler-auditor-httpd +_GROUPNAME=taler-auditor-httpd + case "${1}" in purge) - ;; + dpkg-statoverride --remove \ + /etc/taler/secrets/auditor-db.secret.conf || true + deluser --system --quiet ${_USERNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true + ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; *) diff --git a/debian/taler-auditor.taler-auditor-httpd.service b/debian/taler-auditor.taler-auditor-httpd.service index 9aefab641..ac68e41c8 100644 --- a/debian/taler-auditor.taler-auditor-httpd.service +++ b/debian/taler-auditor.taler-auditor-httpd.service @@ -6,7 +6,8 @@ After=postgres.service network.target User=taler-auditor-httpd Type=simple Restart=on-failure -ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf -L INFO [Install] WantedBy=multi-user.target diff --git a/debian/taler-auditor.taler-helper-auditor-deposits.service b/debian/taler-auditor.taler-helper-auditor-deposits.service new file mode 100644 index 000000000..7185a8d52 --- /dev/null +++ b/debian/taler-auditor.taler-helper-auditor-deposits.service @@ -0,0 +1,15 @@ +[Unit]
+Description=GNU Taler auditor helper reporting confirmation deposits
+After=postgres.service
+
+[Service]
+User=taler-auditor-httpd
+Type=simple
+Restart=always
+RestartSec=1s
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-helper-auditor-deposits -c /etc/taler/taler.conf -L INFO
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+RuntimeMaxSec=3600s
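Review bot: `After=postgres.service` names a unit that Debian's PostgreSQL packaging does not provide (the service there is `postgresql.service`), so systemd ignores the ordering and the helper can start before the database is up; with `Restart=always` and `RestartSec=1s` that shows as a restart loop at boot. The line should read `After=postgresql.service`, and the context line of taler-auditor-httpd.service carries the same name. The sandboxing already present (`PrivateTmp`, `PrivateDevices`, `ProtectSystem=full`) could also gain `NoNewPrivileges=yes`, provided the helper does not depend on setuid binaries.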
diff --git a/debian/taler-exchange-database.install b/debian/taler-exchange-database.install index 56332366d..da8b0dc47 100644 --- a/debian/taler-exchange-database.install +++ b/debian/taler-exchange-database.install @@ -1,5 +1,7 @@ +usr/bin/taler-exchange-dbconfig usr/bin/taler-exchange-dbinit usr/lib/*/taler/libtaler_plugin_exchange*.so +usr/share/man/man1/taler-exchange-dbconfig.1 usr/share/man/man1/taler-exchange-dbinit.1 usr/share/taler/sql/exchange/* usr/share/taler/config.d/exchangedb.conf diff --git a/debian/taler-exchange-offline.postinst b/debian/taler-exchange-offline.postinst index e22ad5920..337bfa5d4 100644 --- a/debian/taler-exchange-offline.postinst +++ b/debian/taler-exchange-offline.postinst @@ -4,20 +4,21 @@ set -e . /usr/share/debconf/confmodule -TALER_HOME="/var/lib/taler" - case "${1}" in configure) if ! getent group taler-exchange-offline >/dev/null; then - addgroup --quiet --system taler-exchange-offline + addgroup --quiet taler-exchange-offline fi if ! getent passwd taler-exchange-offline >/dev/null; then - adduser --quiet --system \ + adduser --quiet \ + --disabled-password \ + --system \ + --shell /bin/bash \ + --home /home/taler-exchange-offline \ --ingroup taler-exchange-offline \ - --no-create-home \ - --home ${TALER_HOME} taler-exchange-offline + taler-exchange-offline fi ;; diff --git a/debian/taler-exchange-offline.taler-exchange-offline.service b/debian/taler-exchange-offline.taler-exchange-offline.service new file mode 100644 index 000000000..bd1b93bb3 --- /dev/null +++ b/debian/taler-exchange-offline.taler-exchange-offline.service 
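Review bot: The taler-exchange-offline account is now created with `--shell /bin/bash` and a real home at `/home/taler-exchange-offline`, but nothing in the hunk sets the mode of that directory, so it gets whatever adduser is configured to use by default. If the offline signing key ends up below this home (not visible here), the postinst should pin the mode, for example with `chmod 700 /home/taler-exchange-offline` after the `adduser` call. The group is also created without `--system` now while the user keeps `--system`, which looks unintended. The `case` block continues outside the hunk.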
@@ -0,0 +1,23 @@
+# This file is in the public domain.
+#
+# This service is expected to be run via the respective
+# timer to ensure that the keys and fees of the exchange
+# are always current.
+#
+# You are expected to edit it to match your desired
+# setup!
+#
+[Unit]
+Description=Daily taler-exchange-offline run
+Documentation=man:taler-exchange-offline(1)
+
+[Service]
+Type=oneshot
+User=taler-exchange-offline
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+
+Environment="REGIO_CURRENCY=$(taler-config -s taler -o CURRENCY)"
+ExecStart=bash -c 'taler-exchange-offline download sign wire-fee now iban "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 wire-fee now x-taler-bank "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 global-fee now "${REGIO_CURRENCY}:0" "${REGIO_CURRENCY}:0" "${REGIO_CURRENCY}:0" 4weeks 6years 4 upload'
diff --git a/debian/taler-exchange-offline.taler-exchange-offline.timer b/debian/taler-exchange-offline.taler-exchange-offline.timer
new file mode 100644
index 000000000..5e605e818
--- /dev/null
+++ b/debian/taler-exchange-offline.taler-exchange-offline.timer
@@ -0,0 +1,20 @@
+# This file is in the public domain.
+#
+# Note that this timer is deliberately NOT active
+# by default as it is ONLY applicable if the
+# taler-exchange-offline tool is run on the *online*
+# service and not actually offline. It is provided
+# for convenience in setups that do not use offline
+# signing. You may need to adjust the
+# taler-exchange-offline.service file before using it!
+[Unit]
+Description=taler-exchange-offline maintenance
+Documentation=man:taler-exchange-offline(1)
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index 8da445c93..f8fef2c3b 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
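Review bot: In taler-exchange-offline.service, `Environment="REGIO_CURRENCY=$(taler-config -s taler -o CURRENCY)"` does not run a command, because systemd performs no shell expansion in `Environment=` and the variable holds the literal text `$(taler-config …)`. As far as I can tell the unit still works only because systemd pastes that text into the `bash -c` string wherever `${REGIO_CURRENCY}` appears and bash then evaluates it, once per occurrence. That double expansion means the variable's content is executed as shell code under the account that signs with the master key, and it breaks if the variable is ever set from elsewhere. Doing the lookup inside the shell and dropping the `Environment=` line is clearer: `ExecStart=bash -c 'C=$$(taler-config -s taler -o CURRENCY); exec taler-exchange-offline download sign wire-fee now iban "$$C:0" … upload'`. The unit also lacks the `ProtectSystem=full` that taler-helper-auditor-deposits.service sets.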
@@ -1,28 +1,40 @@ usr/bin/taler-exchange-aggregator usr/bin/taler-exchange-closer -usr/bin/taler-exchange-dbinit +usr/bin/taler-exchange-drain +usr/bin/taler-exchange-expire usr/bin/taler-exchange-httpd +usr/bin/taler-exchange-kyc-aml-pep-trigger.sh +usr/bin/taler-exchange-kyc-oauth2-challenger.sh +usr/bin/taler-exchange-kyc-kycaid-converter.sh +usr/bin/taler-exchange-kyc-persona-converter.sh +usr/bin/taler-exchange-router +usr/bin/taler-exchange-secmod-cs usr/bin/taler-exchange-secmod-eddsa usr/bin/taler-exchange-secmod-rsa usr/bin/taler-exchange-transfer usr/bin/taler-exchange-wirewatch usr/bin/taler-exchange-wire-gateway-client +usr/lib/*/taler/libtaler_plugin_kyclogic_*.so +usr/lib/*/taler/libtaler_extension_*.so usr/share/man/man1/taler-exchange-aggregator* usr/share/man/man1/taler-exchange-closer* +usr/share/man/man1/taler-exchange-dbconfig* usr/share/man/man1/taler-exchange-dbinit* +usr/share/man/man1/taler-exchange-drain* +usr/share/man/man1/taler-exchange-expire* usr/share/man/man1/taler-exchange-httpd* +usr/share/man/man1/taler-exchange-kyc-aml-pep-trigger* +usr/share/man/man1/taler-exchange-router* +usr/share/man/man1/taler-exchange-secmod-cs* usr/share/man/man1/taler-exchange-secmod-eddsa* usr/share/man/man1/taler-exchange-secmod-rsa* usr/share/man/man1/taler-exchange-transfer* -usr/share/man/man1/taler-exchange-wirewatch* -usr/share/man/man1/taler-bank* usr/share/man/man1/taler-exchange-wire-gateway-client* -usr/share/info/taler-bank* +usr/share/man/man1/taler-exchange-wirewatch* usr/share/info/taler-exchange* usr/share/taler/config.d/* +usr/share/taler/exchange/templates/*.must +usr/share/taler/exchange/spa/* # configuration files in /etc/taler debian/etc-taler-exchange/* etc/ - -usr/share/taler/exchange/pp/*/* -usr/share/taler/exchange/tos/*/* diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index 6e01ca2fb..7509a7749 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst 
@@ -9,9 +9,11 @@ _GROUPNAME=taler-exchange-secmod _DBGROUPNAME=taler-exchange-db _EUSERNAME=taler-exchange-httpd _CLOSERUSERNAME=taler-exchange-closer +_CSECUSERNAME=taler-exchange-secmod-cs _RSECUSERNAME=taler-exchange-secmod-rsa _ESECUSERNAME=taler-exchange-secmod-eddsa _AGGRUSERNAME=taler-exchange-aggregator +_EXPIUSERNAME=taler-exchange-expire _WIREUSERNAME=taler-exchange-wire case "${1}" in @@ -29,10 +31,14 @@ configure) if ! getent passwd ${_EUSERNAME} >/dev/null; then adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME} adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME} + adduser --quiet ${_EUSERNAME} ${_GROUPNAME} fi if ! getent passwd ${_RSECUSERNAME} >/dev/null; then adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME} fi + if ! getent passwd ${_CSECUSERNAME} >/dev/null; then + adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_CSECUSERNAME} + fi if ! getent passwd ${_ESECUSERNAME} >/dev/null; then adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_ESECUSERNAME} fi 
@@ -48,16 +54,20 @@ configure) adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_AGGRUSERNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} fi + if ! getent passwd ${_EXPIUSERNAME} >/dev/null; then + adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_EXPIUSERNAME} + adduser --quiet ${_EXPIUSERNAME} ${_DBGROUPNAME} + fi - if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then + if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_WIREUSERNAME} root 460 \ - /etc/taler/secrets/exchange-accountcredentials.secret.conf + ${_WIREUSERNAME} root 640 \ + /etc/taler/secrets/exchange-accountcredentials-1.secret.conf fi if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - root ${_DBGROUPNAME} 660 \ + root ${_DBGROUPNAME} 640 \ /etc/taler/secrets/exchange-db.secret.conf fi diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index 6c31a4591..fcde84b58 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm 
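Review bot: The tightened modes only reach fresh installs, because both `dpkg-statoverride --add` calls are skipped whenever `--list` already finds an override. On an upgraded system `/etc/taler/secrets/exchange-db.secret.conf` keeps the previously registered group-writable `660`, and the override for the old `exchange-accountcredentials.secret.conf` path stays registered although the visible script no longer manages that file. A one-time migration would close the gap: inside a `dpkg --compare-versions "$2" lt-nl <FIRST_FIXED_VERSION>` check, run `dpkg-statoverride --remove /etc/taler/secrets/exchange-db.secret.conf || true` before the guarded `--add`, and remove the old credentials path the same way. Tying it to the version check keeps a local administrator's own override from being clobbered on every later upgrade.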
@@ -2,18 +2,47 @@ set -e +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_CLOSERUSERNAME=taler-exchange-closer +_CSECUSERNAME=taler-exchange-secmod-cs +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-eddsa +_AGGRUSERNAME=taler-exchange-aggregator +_EXPIUSERNAME=taler-exchange-expire +_WIREUSERNAME=taler-exchange-wire + + if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi case "${1}" in -purge) ;; -remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; +purge) + rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-* + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-accountcredentials-1.secret.conf || true + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-db.secret.conf || true + deluser --quiet --system ${_CSECUSERNAME} || true + deluser --quiet --system ${_RSECUSERNAME} || true + deluser --quiet --system ${_ESECUSERNAME} || true + deluser --quiet --system ${_AGGRUSERNAME} || true + deluser --quiet --system ${_EXPIUSERNAME} || true + deluser --quiet --system ${_WIREUSERNAME} || true + deluser --quiet --system ${_CLOSERUSERNAME} || true + deluser --quiet --system ${_EUSERNAME} || true + delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true + ;; +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) + ;; *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/taler-exchange.taler-exchange-aggregator.service b/debian/taler-exchange.taler-exchange-aggregator.service index 683c1a81e..84b757eda 100644 --- a/debian/taler-exchange.taler-exchange-aggregator.service +++ b/debian/taler-exchange.taler-exchange-aggregator.service 
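Review bot: The `purge)` branch deletes `/var/lib/taler/exchange-offline` even though this same commit drops that directory from `debian/taler-exchange.tmpfiles`, which suggests it now belongs to another package; purging taler-exchange would then destroy offline signing material this package does not own. The `rm -rf` of `/var/lib/taler/exchange-secmod-*` also removes the security modules' private keys, so a comment such as `# purge intentionally destroys all secmod key material` would make that explicit. Deleting the system accounts with `deluser` leaves any remaining files owned by bare UIDs that a later `adduser --system` may reuse, which is why many Debian packages keep the accounts on purge. If removal stays, the `${_..USERNAME}` expansions should be quoted.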
@@ -1,15 +1,20 @@ [Unit] Description=GNU Taler payment system exchange aggregator service PartOf=taler-exchange.target +After=postgres.service [Service] User=taler-exchange-aggregator Type=simple Restart=always -RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/debian/taler-exchange.taler-exchange-aggregator@.service b/debian/taler-exchange.taler-exchange-aggregator@.service new file mode 100644 index 000000000..b13997ae2 --- /dev/null +++ b/debian/taler-exchange.taler-exchange-aggregator@.service @@ -0,0 +1,24 @@ +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + +[Unit] +Description=GNU Taler payment system exchange aggregator service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-aggregator +Type=simple +Restart=always +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/debian/taler-exchange.taler-exchange-closer.service b/debian/taler-exchange.taler-exchange-closer.service index 01c52b2d4..9cdc534f9 100644 --- a/debian/taler-exchange.taler-exchange-closer.service +++ b/debian/taler-exchange.taler-exchange-closer.service 
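Review bot: `After=postgres.service` probably orders against a unit that does not exist, since Debian's PostgreSQL packages ship `postgresql.service` (plus `postgresql@.service` instances), and an `After=` on an unknown unit has no effect, so the aggregator can still start before the database is up. The same name is added to the closer, expire, transfer and wirewatch units in this commit. If that is confirmed on the target release, use `After=postgresql.service`. `RestartMode=direct` is also only understood by systemd 254 and later; older versions log an unknown-key warning and ignore it, which deserves a comment if older releases are still targeted.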
@@ -1,15 +1,20 @@ [Unit] Description=GNU Taler payment system exchange closer service PartOf=taler-exchange.target +After=network.target postgres.service [Service] User=taler-exchange-closer Type=simple Restart=always -RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/debian/taler-exchange.taler-exchange-expire.service b/debian/taler-exchange.taler-exchange-expire.service new file mode 100644 index 000000000..2a9552f76 --- /dev/null +++ b/debian/taler-exchange.taler-exchange-expire.service @@ -0,0 +1,20 @@ +[Unit] +Description=GNU Taler payment system exchange expire service +PartOf=taler-exchange.target +After=postgres.service + +[Service] +User=taler-exchange-expire +Type=simple +Restart=always +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf -L INFO +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/debian/taler-exchange.taler-exchange-httpd.service b/debian/taler-exchange.taler-exchange-httpd.service index 7db2b1194..d7e9b1e36 100644 --- a/debian/taler-exchange.taler-exchange-httpd.service +++ b/debian/taler-exchange.taler-exchange-httpd.service 
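Review bot: The new `taler-exchange-expire.service` carries the same three sandboxing switches as its siblings and nothing more, so the process may still gain privileges through setuid binaries and can see `/home` and `/root`. Judging from the visible `ExecStart`, it only needs its configuration and the database, so `NoNewPrivileges=yes` and `ProtectHome=yes` look safe to add here and to the other worker units this commit touches. This assumes `${TALER_HOME}` is not below `/home`; its value is not visible on this page.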
@@ -1,24 +1,35 @@ [Unit] Description=GNU Taler payment system exchange REST API AssertPathExists=/run/taler/exchange-httpd -Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service -After=postgres.service network.target taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +Requires=taler-exchange-httpd.socket taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +After=postgres.service network.target taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service PartOf=taler-exchange.target [Service] User=taler-exchange-httpd Type=simple -# Depending on the configuration, the service suicides and then -# needs to be restarted. + +# Depending on the configuration, the service process kills itself and then +# needs to be restarted. Thus no significant delay on restarts. Restart=always -# Do not dally on restarts. +RestartMode=direct RestartSec=1ms -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +RestartPreventExitStatus=9 + +# Disable the service if more than 5 restarts are encountered within 5s. +# These are usually the systemd defaults, but can be overwritten, thus we set +# them here explicitly, as the exchange code assumes StartLimitInterval +# to be >=5s. +StartLimitBurst=5 +StartLimitInterval=5s + +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice [Install] WantedBy=multi-user.target diff --git a/debian/taler-exchange.taler-exchange-httpd@.service b/debian/taler-exchange.taler-exchange-httpd@.service index 4235f72e9..c4d010b80 100644 --- a/debian/taler-exchange.taler-exchange-httpd@.service +++ b/debian/taler-exchange.taler-exchange-httpd@.service 
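Review bot: `StartLimitBurst=5` and `StartLimitInterval=5s` are placed in `[Service]` under the legacy spelling; current systemd documents these as `StartLimitIntervalSec=` and `StartLimitBurst=` in the `[Unit]` section and accepts the old form only for compatibility. The added comment says the exchange code relies on the interval being at least 5s, and with `RestartSec=1ms` this limit is the only brake on a crash loop, so it is worth using the documented form: move both lines to `[Unit]` as `StartLimitIntervalSec=5s` and `StartLimitBurst=5`. Once the limit trips, the unit stays failed until it is reset manually, so monitoring should alert on that state.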
@@ -1,4 +1,9 @@ -% This is a systemd service template. +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + [Unit] Description=GNU Taler payment system exchange REST API at %I AssertPathExists=/run/taler/exchange-httpd @@ -14,13 +19,15 @@ Type=simple Restart=always # Do not dally on restarts. RestartSec=1ms +RestartPreventExitStatus=9 EnvironmentFile=/etc/environment -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice [Install] WantedBy=multi-user.target diff --git a/debian/taler-exchange.taler-exchange-secmod-cs.service b/debian/taler-exchange.taler-exchange-secmod-cs.service new file mode 100644 index 000000000..b11c04552 --- /dev/null +++ b/debian/taler-exchange.taler-exchange-secmod-cs.service @@ -0,0 +1,19 @@ +[Unit] +Description=GNU Taler payment system exchange CS security module +AssertPathExists=/run/taler/exchange-secmod-cs +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-secmod-cs +Type=simple +Restart=always +RestartSec=100ms +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf -L INFO +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service b/debian/taler-exchange.taler-exchange-secmod-eddsa.service index e4898581c..17f1da3f5 100644 --- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service +++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service 
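Review bot: The new `taler-exchange-secmod-cs.service` holds signing keys but relies on `IPAddressDeny=any` alone for network isolation, which filters IP traffic only and depends on cgroup/BPF support being present at runtime. The unit asserts `/run/taler/exchange-secmod-cs`, so the module appears to be reached over a local socket; in that case `RestrictAddressFamilies=AF_UNIX` and `NoNewPrivileges=yes` would make the restriction independent of that support. This assumes the module needs no other socket family, which the hunk does not show. The same applies to the eddsa and rsa module units changed further down.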
@@ -8,9 +8,12 @@ User=taler-exchange-secmod-eddsa Type=simple Restart=always RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no PrivateDevices=yes ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service b/debian/taler-exchange.taler-exchange-secmod-rsa.service index 6c5a3d613..854737d03 100644 --- a/debian/taler-exchange.taler-exchange-secmod-rsa.service +++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service @@ -8,9 +8,12 @@ User=taler-exchange-secmod-rsa Type=simple Restart=always RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no PrivateDevices=yes ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice diff --git a/debian/taler-exchange.taler-exchange-transfer.service b/debian/taler-exchange.taler-exchange-transfer.service index b2615b7c9..77ada8f86 100644 --- a/debian/taler-exchange.taler-exchange-transfer.service +++ b/debian/taler-exchange.taler-exchange-transfer.service @@ -1,16 +1,20 @@ [Unit] Description=Taler Exchange Transfer Service -After=network.target +After=network.target postgres.service PartOf=taler-exchange.target [Service] User=taler-exchange-wire Type=simple Restart=always -RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s 
diff --git a/debian/taler-exchange.taler-exchange-wirewatch.service b/debian/taler-exchange.taler-exchange-wirewatch.service index 54704cb80..7a7dc60b0 100644 --- a/debian/taler-exchange.taler-exchange-wirewatch.service +++ b/debian/taler-exchange.taler-exchange-wirewatch.service @@ -1,16 +1,20 @@ [Unit] Description=GNU Taler payment system exchange wirewatch service -After=network.target +After=network.target postgres.service PartOf=taler-exchange.target [Service] User=taler-exchange-wire Type=simple Restart=always -RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=9 +RuntimeMaxSec=3600s +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice diff --git a/debian/taler-exchange.taler-exchange-wirewatch@.service b/debian/taler-exchange.taler-exchange-wirewatch@.service index 54704cb80..a2836c6b9 100644 --- a/debian/taler-exchange.taler-exchange-wirewatch@.service +++ b/debian/taler-exchange.taler-exchange-wirewatch@.service @@ -1,3 +1,9 @@ +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + [Unit] Description=GNU Taler payment system exchange wirewatch service After=network.target @@ -7,10 +13,13 @@ PartOf=taler-exchange.target User=taler-exchange-wire Type=simple Restart=always -RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +RestartSec=1s +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes PrivateDevices=yes ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s 
diff --git a/debian/taler-exchange.taler-exchange.slice b/debian/taler-exchange.taler-exchange.slice new file mode 100644 index 000000000..b5bb71e2e --- /dev/null +++ b/debian/taler-exchange.taler-exchange.slice @@ -0,0 +1,7 @@ +[Unit] +Description=Slice for GNU taler exchange processes +Before=slices.target + +[Slice] +# Add settings that should affect all GNU Taler exchange +# components here. diff --git a/debian/taler-exchange.taler-exchange.target b/debian/taler-exchange.taler-exchange.target index eea37c800..65ec77c1e 100644 --- a/debian/taler-exchange.taler-exchange.target +++ b/debian/taler-exchange.taler-exchange.target @@ -6,6 +6,7 @@ Wants=taler-exchange-httpd.service Wants=taler-exchange-wirewatch.service Wants=taler-exchange-aggregator.service Wants=taler-exchange-closer.service +Wants=taler-exchange-expire.service Wants=taler-exchange-transfer.service [Install] diff --git a/debian/taler-exchange.tmpfiles b/debian/taler-exchange.tmpfiles index 79554ccf2..c2a796539 100644 --- a/debian/taler-exchange.tmpfiles +++ b/debian/taler-exchange.tmpfiles @@ -1,7 +1,8 @@ #Type Path Mode UID GID Age Argument d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - - +d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod - - d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - - d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - - -d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline - - +d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod - - d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - - d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - - diff --git a/debian/taler-terms-generator.install b/debian/taler-terms-generator.install new file mode 100644 index 000000000..19972ffc7 --- /dev/null 
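Review bot: In `debian/taler-exchange.tmpfiles`, `/run/taler/exchange-secmod-cs` is created with mode `0755`, so every local account can traverse into the directory and access control for the signing socket rests entirely on the socket's own permissions, which are not visible here. The line follows the existing rsa and eddsa entries, but since the directory group is already `taler-exchange-secmod`, `0750` would keep unrelated users out, provided all legitimate clients are members of that group. If `0755` is deliberate, a comment in the file saying which component enforces access would help.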
+++ b/debian/taler-terms-generator.install @@ -0,0 +1,8 @@ +usr/share/man/man1/taler-terms-generator.1 +usr/bin/taler-terms-generator + +# Terms of service / privacy policy templates +usr/share/taler/terms/*.rst + +# Translations of ToS/PP +usr/share/locale/*/LC_MESSAGES/*.po |