Diffstat (limited to 'debian')
35 files changed, 380 insertions, 67 deletions
diff --git a/debian/changelog b/debian/changelog index 6ce262b2f..cab5345dc 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,109 @@ +taler-exchange (0.10.2) unstable; urgency=low + + * Updated man pages and other resources for release. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 12 Apr 2024 09:50:12 +0200 + +taler-exchange (0.10.1) unstable; urgency=low + + * Fixed crash in OTP calculation logic if required amount was not + provided. + * Fixed HTTP headers for /terms, /config and /keys responses + (remove last-modified-since distinguisher, remove duplicate headers) + * Improved systemd files (new offline timer job, exchange slice) + * Implement exchange protocol v19 (include refunds in transaction + aggregation data, expose wire account priorities) + * Update mustach to latest version + + -- Christian Grothoff <grothoff@gnu.org> Tue, 9 Apr 2024 09:50:12 +0200 + +taler-exchange (0.10.0) unstable; urgency=low + + * Fixed major issue where uploading wire data to an + exchange twice would result in broken signatures and + a permanently non-working account. + * Implemented #8000, allowing an exchange to express + preferences over the different bank accounts so that + users are shown the best choices to withdraw from first. + * This version requires a more recent GNUnet (>= 0.21.1). + + -- Christian Grothoff <grothoff@gnu.org> Sat, 9 Mar 2024 21:50:12 +0200 + +taler-exchange (0.9.4-2) unstable; urgency=low + + * Created new taler-terms-generator package + * v0.9.4a bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Mon, 3 Mar 2024 21:50:12 +0200 + +taler-exchange (0.9.4-1) unstable; urgency=low + + * Actual v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 10 Feb 2024 03:50:12 +0200 + +taler-exchange (0.9.4) unstable; urgency=low + + * Preparations for v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sun, 21 Jan 2024 03:50:12 +0200 + +taler-exchange (0.9.3-7) unstable; urgency=low + + * Move currencies.conf into libtalerexchange base package. 
+ + -- Christian Grothoff <grothoff@gnu.org> Tue, 15 Dec 2023 18:50:12 -0700 + +taler-exchange (0.9.3-6) unstable; urgency=low + + * Generate proper markdown in taler-terms-generator. + * Return language code for legal terms. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 13 Dec 2023 18:50:12 -0700 + +taler-exchange (0.9.3-5) unstable; urgency=low + + * More fixes to the database setup automation scripts. + * Implement latest /config API in fakebank. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Dec 2023 00:50:12 -0800 + +taler-exchange (0.9.3-4) unstable; urgency=low + + * Minor hot-fixes to the database setup automation script. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 1 Dec 2023 10:50:12 -0800 + +taler-exchange (0.9.3-3) unstable; urgency=low + + * This packages the v0.9.3b bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200 + +taler-exchange (0.9.3-2) unstable; urgency=low + + * This packages the v0.9.3a bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200 + +taler-exchange (0.9.3-1) unstable; urgency=low + + * Actual v0.9.3 release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 27 Sep 2023 03:50:12 +0200 + +taler-exchange (0.9.3) unstable; urgency=low + + * First work towards packaging v0.9.3. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Sep 2023 23:50:12 +0200 + +taler-exchange (0.9.2-3) unstable; urgency=low + + * Improvements to timeout handling when DB is not available yet. + + -- Florian Dold <dold@taler.net> Tue, 14 Mar 2023 12:30:15 +0100 + taler-exchange (0.9.2-2) unstable; urgency=low * Further improvements to Debian package. diff --git a/debian/control b/debian/control index 995b5d3ee..cf99dd1ed 100644 --- a/debian/control +++ b/debian/control 
@@ -7,22 +7,21 @@ Build-Depends: automake (>=1.11.1), autopoint, bash, + gcc-12, debhelper-compat (= 12), gettext, - libgnunet-dev (>=0.17.1), + libgnunet-dev (>=0.21), libcurl4-gnutls-dev (>=7.35.0) | libcurl4-openssl-dev (>= 7.35.0), libgcrypt20-dev (>=1.8), libgnutls28-dev (>=3.2.12), libidn2-dev, - libjansson-dev, + libjansson-dev (>= 2.13), libltdl-dev (>=2.2), libmicrohttpd-dev (>=0.9.71), - libpq-dev (>=13), + libpq-dev (>=14), libsodium-dev (>=1.0.11), libunistring-dev (>=0.9.2), - python3-jinja2, po-debconf, - python3-dev, texinfo (>=5.2), zlib1g-dev Standards-Version: 4.5.0 @@ -46,6 +45,20 @@ Description: Libraries to talk to a GNU Taler exchange. various base configuration files and associated documentation. +Package: taler-terms-generator +Architecture: any +Pre-Depends: + ${misc:Pre-Depends} +Depends: + lsb-base, + pandoc, + groff, + ghostscript, + ${misc:Depends} +Description: Tool to generate the terms of service + and privacy policy for various languages and data + formats. Useful for various GNU Taler components. + Package: taler-exchange-database Architecture: any Pre-Depends: @@ -71,12 +84,13 @@ Depends: lsb-base, netbase, ucf, - dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}, ${shlibs:Depends} Recommends: taler-exchange-offline (= ${binary:Version}), - postgresql (>=13.0) + taler-terms-generator, + apache2 | nginx | httpd, + postgresql (>=14.0) Description: GNU's payment system operator. GNU Taler is the privacy-preserving digital payment system from the GNU project. This package contains the @@ -124,8 +138,6 @@ Depends: adduser, lsb-base, netbase, - dbconfig-pgsql | dbconfig-no-thanks, - python3-jinja2, ${misc:Depends}, ${shlibs:Depends} Description: GNU's payment system auditor. @@ -143,7 +155,7 @@ Section: libdevel Architecture: any Depends: libtalerexchange (= ${binary:Version}), - libgnunet-dev (>=0.17.1), + libgnunet-dev (>=0.21), libgcrypt20-dev (>=1.8), libmicrohttpd-dev (>=0.9.71), ${misc:Depends}, 
diff --git a/debian/etc-libtalerexchange/taler/taler.conf b/debian/etc-libtalerexchange/taler/taler.conf index 1c86ccc36..2cf815656 100644 --- a/debian/etc-libtalerexchange/taler/taler.conf +++ b/debian/etc-libtalerexchange/taler/taler.conf @@ -35,11 +35,11 @@ [paths] -TALER_HOME = /var/lib/taler -TALER_RUNTIME_DIR = /run/taler -TALER_CACHE_HOME = /var/cache/taler -TALER_CONFIG_HOME = /etc/taler -TALER_DATA_HOME = /var/lib/taler +TALER_HOME = /var/lib/taler/ +TALER_RUNTIME_DIR = /run/taler/ +TALER_CACHE_HOME = /var/cache/taler/ +TALER_CONFIG_HOME = /etc/taler/ +TALER_DATA_HOME = /var/lib/taler/ # Inline configurations from all Taler components. diff --git a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf index b81bb817f..1278a563b 100644 --- a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf +++ b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf @@ -4,7 +4,7 @@ # Typically, there should only be a single line here, of the form: -CONFIG=postgres:///DATABASE +CONFIG=postgres:///taler-auditor # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf index 89583d5be..d5938f2b1 100644 --- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf +++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf 
@@ -12,6 +12,14 @@ # BASE_URL = https://example.com/ # BASE_URL = +# Here you MUST configure the amount above which transactions are +# always subject to manual AML review. +# AML_THRESHOLD = + +# Attribute encryption key for storing attributes encrypted +# in the database. Should be a high-entropy nonce. +ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE + # For your terms of service and privacy policy, you should specify # an Etag that must be updated whenever there are significant # changes to either document. The format is up to you, what matters @@ -26,14 +34,17 @@ UNIXPATH_MODE = 666 # Bank accounts used by the exchange should be specified here: [exchange-account-1] -enable_credit = no -enable_debit = no +ENABLE_CREDIT = NO +ENABLE_DEBIT = NO # Account identifier in the form of an RFC-8905 payto:// URI. # For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME # Make sure to URL-encode spaces in $NAME! -payto_uri = +PAYTO_URI = # Credentials to access the account are in a separate # config file with restricted permissions. @inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf + + + diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf index 75c670f71..4ad7e06f6 100644 --- a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf +++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf @@ -8,3 +8,6 @@ # Only supported database is Postgres right now. DATABASE = postgres + + + diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf index a7a727b62..08c20074c 100644 --- a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf +++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf 
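Review bot: `ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE` in exchange-business.conf is shipped as a live setting, unlike the neighbouring `# AML_THRESHOLD =` and `# BASE_URL =`, which are left commented out. An exchange started without editing this file would encrypt stored attributes under a value that is public in the package. Shipping it as `# ATTRIBUTE_ENCRYPTION_KEY =` would turn a forgotten key into a visible configuration gap; whether the daemon rejects the placeholder cannot be seen in this diff and is worth confirming. Since the value is a secret, it arguably belongs in a file under `../secrets/` with restricted permissions, like the account credentials inlined further down in the same file.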
@@ -4,7 +4,7 @@ # Typically, there should only be a single line here, of the form: -# CONFIG=postgres:///DATABASE +CONFIG=postgres:///taler-exchange # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/libtalerexchange-dev.install b/debian/libtalerexchange-dev.install index 45e6d6ac9..aa1de818a 100644 --- a/debian/libtalerexchange-dev.install +++ b/debian/libtalerexchange-dev.install @@ -1,17 +1,19 @@ # Benchmarks, only install them for the dev package. usr/bin/taler-aggregator-benchmark -usr/bin/taler-exchange-benchmark -usr/bin/taler-fakebank-run usr/bin/taler-bank-benchmark +usr/bin/taler-exchange-benchmark usr/bin/taler-exchange-kyc-tester - -# Only used in test cases. Maybe these -# shouldn't even be installed? -usr/bin/taler-nexus-prepare -usr/bin/taler-bank-manage-testing +usr/bin/taler-fakebank-run +usr/bin/taler-unified-setup.sh +usr/bin/taler-exchange-kyc-oauth2-test-converter.sh # Man pages +usr/share/man/man1/taler-aggregator-benchmark* +usr/share/man/man1/taler-bank-benchmark* usr/share/man/man1/taler-exchange-kyc-tester* +usr/share/man/man1/taler-exchange-benchmark* +usr/share/man/man1/taler-fakebank-run* +usr/share/man/man1/taler-unified-setup* # Headers @@ -27,5 +29,4 @@ usr/lib/*/libtalertesting.so usr/lib/*/libtalerfakebank.so # Documentation -usr/share/man/man1/taler-exchange-benchmark* usr/share/info/taler-developer-manual* diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install index 35961e827..f3c52ba8d 100644 --- a/debian/libtalerexchange.install +++ b/debian/libtalerexchange.install @@ -2,6 +2,7 @@ usr/lib/*/libtaler*.so.* # FIXME: All this should eventually go into taler-base. usr/share/taler/config.d/paths.conf +usr/share/taler/config.d/currencies.conf usr/share/taler/config.d/taler.conf debian/etc-libtalerexchange/* etc/ usr/bin/taler-config 
diff --git a/debian/libtalerexchange.postinst b/debian/libtalerexchange.postinst
new file mode 100644
index 000000000..40b4be061
--- /dev/null
+++ b/debian/libtalerexchange.postinst
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+configure)
+
+ if ! dpkg-statoverride --list /etc/taler/taler.conf >/dev/null 2>&1; then
+ dpkg-statoverride --add --update \
+ root root 644 \
+ /etc/taler/taler.conf
+ fi
+
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
index aef4bf5f8..3d8809c50 100755
--- a/debian/rules
+++ b/debian/rules
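Review bot: In debian/libtalerexchange.postinst the line `. /usr/share/debconf/confmodule` is sourced unconditionally under `set -e`, although nothing in the script calls a debconf function. The postrm scripts touched by this same commit guard it with `if [ -f /usr/share/debconf/confmodule ]; then`. Either drop the line or use the same guard, so that the configure step cannot abort when debconf is absent. A one-line comment above the `root root 644` override, saying that /etc/taler/taler.conf is meant to be world-readable and must not hold secrets, would make the contrast with the 640 secret files explicit.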
@@ -36,16 +36,20 @@ override_dh_auto_clean: override_dh_installsystemd: # Need to specify units manually, since we have multiple # and dh_installsystemd by default only looks for "<package>.service". - dh_installsystemd -ptaler-exchange --name=taler-exchange-httpd --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-cs --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-eddsa --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-rsa --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable - dh_installsystemd -ptaler-auditor --name=taler-auditor-httpd --no-start --no-enable - dh_installsystemd -ptaler-exchange --name=taler-exchange --no-start --no-enable + dh_installsystemd -ptaler-exchange --name=taler-exchange-httpd --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-expire --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-cs --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-eddsa --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-rsa --no-start --no-enable 
--no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange --name=taler-exchange --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-auditor --name=taler-auditor-httpd --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-auditor --name=taler-helper-auditor-deposits --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange-offline --name=taler-exchange-offline --no-start --no-enable --no-stop-on-upgrade + dh_installsystemd -ptaler-exchange-offline --name=taler-exchange-offline.timer --no-start --no-enable --no-stop-on-upgrade # final invocation to generate daemon reload dh_installsystemd diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install index 0d7d941a0..4f3d5a1b2 100644 --- a/debian/taler-auditor.install +++ b/debian/taler-auditor.install @@ -1,16 +1,20 @@ usr/bin/taler-auditor +usr/bin/taler-auditor-dbconfig usr/bin/taler-auditor-dbinit -usr/bin/taler-auditor-exchange usr/bin/taler-auditor-httpd usr/bin/taler-auditor-offline usr/bin/taler-auditor-sync usr/bin/taler-helper-auditor-* + usr/lib/*/taler/libtaler_plugin_auditor*.so usr/lib/*/libauditor* usr/lib/*/libtalerauditordb* + usr/share/man/man1/taler-auditor* usr/share/man/man1/taler-helper-auditor* + usr/share/info/taler-auditor* + usr/share/taler/config.d/auditor* usr/share/taler/sql/auditor/* diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst index 4e89be226..847e4aac1 100644 --- a/debian/taler-auditor.postinst +++ b/debian/taler-auditor.postinst 
@@ -20,9 +20,10 @@ configure) adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME} fi - if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1; then + if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1 + then dpkg-statoverride --add --update \ - ${_USERNAME} ${_GROUPNAME} 660 \ + ${_USERNAME} ${_GROUPNAME} 640 \ /etc/taler/secrets/auditor-db.secret.conf fi diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm index 752510e63..639e3241e 100644 --- a/debian/taler-auditor.postrm +++ b/debian/taler-auditor.postrm @@ -6,9 +6,16 @@ if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi +_USERNAME=taler-auditor-httpd +_GROUPNAME=taler-auditor-httpd + case "${1}" in purge) - ;; + dpkg-statoverride --remove \ + /etc/taler/secrets/auditor-db.secret.conf || true + deluser --system --quiet ${_USERNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true + ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; *) diff --git a/debian/taler-auditor.taler-auditor-httpd.service b/debian/taler-auditor.taler-auditor-httpd.service index 9aefab641..ac68e41c8 100644 --- a/debian/taler-auditor.taler-auditor-httpd.service +++ b/debian/taler-auditor.taler-auditor-httpd.service @@ -6,7 +6,8 @@ After=postgres.service network.target User=taler-auditor-httpd Type=simple Restart=on-failure -ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf -L INFO [Install] WantedBy=multi-user.target diff --git a/debian/taler-auditor.taler-helper-auditor-deposits.service b/debian/taler-auditor.taler-helper-auditor-deposits.service new file mode 100644 index 000000000..7185a8d52 --- /dev/null +++ b/debian/taler-auditor.taler-helper-auditor-deposits.service @@ -0,0 +1,15 @@ +[Unit]
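Review bot: The tightened mode `640` for /etc/taler/secrets/auditor-db.secret.conf only takes effect when no override is registered yet, because the change sits inside `if ! dpkg-statoverride --list … then`. A system upgraded from a package that already registered `660` keeps the old override and the old permissions. The same applies to the `460`→`640` and `660`→`640` changes in debian/taler-exchange.postinst. If the intent is to correct permissions on existing installs, the configure branch needs an upgrade path, for example removing and re-adding the override when `$2` (the previously configured version) predates this release. The enclosing `case` branch starts and ends outside the hunk.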
+Description=GNU Taler auditor helper reporting confirmation deposits
+After=postgres.service
+
+[Service]
+User=taler-auditor-httpd
+Type=simple
+Restart=always
+RestartSec=1s
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-helper-auditor-deposits -c /etc/taler/taler.conf -L INFO
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange-database.install b/debian/taler-exchange-database.install
index 56332366d..da8b0dc47 100644
--- a/debian/taler-exchange-database.install
+++ b/debian/taler-exchange-database.install
@@ -1,5 +1,7 @@
+usr/bin/taler-exchange-dbconfig
 usr/bin/taler-exchange-dbinit
 usr/lib/*/taler/libtaler_plugin_exchange*.so
+usr/share/man/man1/taler-exchange-dbconfig.1
 usr/share/man/man1/taler-exchange-dbinit.1
 usr/share/taler/sql/exchange/*
 usr/share/taler/config.d/exchangedb.conf
diff --git a/debian/taler-exchange-offline.taler-exchange-offline.service b/debian/taler-exchange-offline.taler-exchange-offline.service
new file mode 100644
index 000000000..bd1b93bb3
--- /dev/null
+++ b/debian/taler-exchange-offline.taler-exchange-offline.service
@@ -0,0 +1,23 @@
+# This file is in the public domain.
+#
+# This service is expected to be run via the respective
+# timer to ensure that the keys and fees of the exchange
+# are always current.
+#
+# You are expected to edit it to match your desired
+# setup!
+#
+[Unit]
+Description=Daily taler-exchange-offline run
+Documentation=man:taler-exchange-offline(1)
+
+[Service]
+Type=oneshot
+User=taler-exchange-offline
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+
+Environment="REGIO_CURRENCY=$(taler-config -s taler -o CURRENCY)"
+ExecStart=bash -c 'taler-exchange-offline download sign wire-fee now iban "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 wire-fee now x-taler-bank "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 global-fee now "${REGIO_CURRENCY}:0" "${REGIO_CURRENCY}:0" "${REGIO_CURRENCY}:0" 4weeks 6years 4 upload'
diff --git a/debian/taler-exchange-offline.taler-exchange-offline.timer b/debian/taler-exchange-offline.taler-exchange-offline.timer
new file mode 100644
index 000000000..5e605e818
--- /dev/null
+++ b/debian/taler-exchange-offline.taler-exchange-offline.timer
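Review bot: `Environment="REGIO_CURRENCY=$(taler-config -s taler -o CURRENCY)"` in taler-exchange-offline.service is not evaluated by systemd, which performs no command substitution in `Environment=`. The variable holds the literal text, and the lookup appears to run only because that text is spliced into the `bash -c '…'` string and then evaluated by bash. That indirection deserves a comment above the line, e.g. `# systemd stores this string literally; the bash -c below evaluates it`, because whatever taler-config prints ends up on the command line of a unit that signs and uploads keys and fees. `ExecStart=bash` also relies on executable path lookup, whereas every other unit in this commit uses an absolute `/usr/bin/…` path; `ExecStart=/bin/bash -c …` would be consistent.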
@@ -0,0 +1,20 @@ +# This file is in the public domain. +# +# Note that this timer is deliberately NOT active +# by default as it is ONLY applicable if the +# taler-exchange-offline tool is run on the *online* +# service and not actually offline. It is provided +# for convenience in setups that do not use offline +# signing. You may need to adjust the +# taler-exchange-offline.service file before using it! +[Unit] +Description=taler-exchange-offline maintenance +Documentation=man:taler-exchange-offline(1) + +[Timer] +OnCalendar=daily +AccuracySec=12h +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install index 725dd6de1..f8fef2c3b 100644 --- a/debian/taler-exchange.install +++ b/debian/taler-exchange.install @@ -1,9 +1,12 @@ usr/bin/taler-exchange-aggregator usr/bin/taler-exchange-closer -usr/bin/taler-exchange-dbinit usr/bin/taler-exchange-drain usr/bin/taler-exchange-expire usr/bin/taler-exchange-httpd +usr/bin/taler-exchange-kyc-aml-pep-trigger.sh +usr/bin/taler-exchange-kyc-oauth2-challenger.sh +usr/bin/taler-exchange-kyc-kycaid-converter.sh +usr/bin/taler-exchange-kyc-persona-converter.sh usr/bin/taler-exchange-router usr/bin/taler-exchange-secmod-cs usr/bin/taler-exchange-secmod-eddsa 
@@ -15,25 +18,23 @@ usr/lib/*/taler/libtaler_plugin_kyclogic_*.so usr/lib/*/taler/libtaler_extension_*.so usr/share/man/man1/taler-exchange-aggregator* usr/share/man/man1/taler-exchange-closer* +usr/share/man/man1/taler-exchange-dbconfig* usr/share/man/man1/taler-exchange-dbinit* usr/share/man/man1/taler-exchange-drain* usr/share/man/man1/taler-exchange-expire* usr/share/man/man1/taler-exchange-httpd* +usr/share/man/man1/taler-exchange-kyc-aml-pep-trigger* usr/share/man/man1/taler-exchange-router* +usr/share/man/man1/taler-exchange-secmod-cs* usr/share/man/man1/taler-exchange-secmod-eddsa* usr/share/man/man1/taler-exchange-secmod-rsa* -usr/share/man/man1/taler-exchange-secmod-cs* usr/share/man/man1/taler-exchange-transfer* -usr/share/man/man1/taler-exchange-wirewatch* -usr/share/man/man1/taler-bank* usr/share/man/man1/taler-exchange-wire-gateway-client* -usr/share/info/taler-bank* +usr/share/man/man1/taler-exchange-wirewatch* usr/share/info/taler-exchange* usr/share/taler/config.d/* usr/share/taler/exchange/templates/*.must +usr/share/taler/exchange/spa/* # configuration files in /etc/taler debian/etc-taler-exchange/* etc/ - -usr/share/taler/exchange/pp/*/* -usr/share/taler/exchange/tos/*/* diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst index 892e48475..7509a7749 100644 --- a/debian/taler-exchange.postinst +++ b/debian/taler-exchange.postinst @@ -13,6 +13,7 @@ _CSECUSERNAME=taler-exchange-secmod-cs _RSECUSERNAME=taler-exchange-secmod-rsa _ESECUSERNAME=taler-exchange-secmod-eddsa _AGGRUSERNAME=taler-exchange-aggregator +_EXPIUSERNAME=taler-exchange-expire _WIREUSERNAME=taler-exchange-wire case "${1}" in 
@@ -53,16 +54,20 @@ configure) adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_AGGRUSERNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} fi + if ! getent passwd ${_EXPIUSERNAME} >/dev/null; then + adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_EXPIUSERNAME} + adduser --quiet ${_EXPIUSERNAME} ${_DBGROUPNAME} + fi if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_WIREUSERNAME} root 460 \ + ${_WIREUSERNAME} root 640 \ /etc/taler/secrets/exchange-accountcredentials-1.secret.conf fi if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - root ${_DBGROUPNAME} 660 \ + root ${_DBGROUPNAME} 640 \ /etc/taler/secrets/exchange-db.secret.conf fi diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm index 6488d268b..fcde84b58 100644 --- a/debian/taler-exchange.postrm +++ b/debian/taler-exchange.postrm @@ -2,6 +2,18 @@ set -e +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_CLOSERUSERNAME=taler-exchange-closer +_CSECUSERNAME=taler-exchange-secmod-cs +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-eddsa +_AGGRUSERNAME=taler-exchange-aggregator +_EXPIUSERNAME=taler-exchange-expire +_WIREUSERNAME=taler-exchange-wire + + if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi 
@@ -9,6 +21,20 @@ fi case "${1}" in purge) rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-* + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-accountcredentials-1.secret.conf || true + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-db.secret.conf || true + deluser --quiet --system ${_CSECUSERNAME} || true + deluser --quiet --system ${_RSECUSERNAME} || true + deluser --quiet --system ${_ESECUSERNAME} || true + deluser --quiet --system ${_AGGRUSERNAME} || true + deluser --quiet --system ${_EXPIUSERNAME} || true + deluser --quiet --system ${_WIREUSERNAME} || true + deluser --quiet --system ${_CLOSERUSERNAME} || true + deluser --quiet --system ${_EUSERNAME} || true + delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) diff --git a/debian/taler-exchange.taler-exchange-aggregator.service b/debian/taler-exchange.taler-exchange-aggregator.service index 246cad5c1..db297270f 100644 --- a/debian/taler-exchange.taler-exchange-aggregator.service +++ b/debian/taler-exchange.taler-exchange-aggregator.service @@ -7,8 +7,10 @@ After=postgres.service User=taler-exchange-aggregator Type=simple Restart=always +RestartMode=direct RestartSec=1s -ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-exchange.taler-exchange-aggregator@.service b/debian/taler-exchange.taler-exchange-aggregator@.service index bfc44a9a9..b13997ae2 100644 --- a/debian/taler-exchange.taler-exchange-aggregator@.service +++ b/debian/taler-exchange.taler-exchange-aggregator@.service 
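Review bot: The purge branch of debian/taler-exchange.postrm deletes the service accounts with `deluser --quiet --system …` but removes only /var/lib/taler/exchange-offline and /var/lib/taler/exchange-secmod-*. Any other file still owned by those UIDs would become owned by whichever account is next assigned the same number. Consider leaving the system users in place on purge, or removing the remaining owned paths before the `deluser` calls, and state the choice in a comment. The user and group name assignments added at the top of the script duplicate the list in taler-exchange.postinst, so a comment such as `# keep in sync with taler-exchange.postinst` would help; debian/taler-auditor.postrm follows the same pattern.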
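Review bot: `RestartPreventExitStatus=2 3 4 5 6 9` in taler-exchange-aggregator.service has no comment saying what each exit status means, and the template unit taler-exchange-aggregator@.service in the same commit lists only `9`. The same unexplained list recurs in the closer, expire, httpd, transfer and wirewatch units. A short comment above the line naming the conditions, or pointing to where the exit codes are defined, would let an operator tell a deliberate stop from a crash loop. `RestartMode=direct` is, as far as I know, only understood by systemd 254 and later, so older releases would log it as an unknown key and ignore it; a comment stating the minimum version would avoid surprises.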
@@ -1,3 +1,9 @@ +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + [Unit] Description=GNU Taler payment system exchange aggregator service PartOf=taler-exchange.target @@ -7,7 +13,8 @@ User=taler-exchange-aggregator Type=simple Restart=always RestartSec=1s -ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-exchange.taler-exchange-closer.service b/debian/taler-exchange.taler-exchange-closer.service index 97a385c13..ba57522b0 100644 --- a/debian/taler-exchange.taler-exchange-closer.service +++ b/debian/taler-exchange.taler-exchange-closer.service @@ -7,8 +7,10 @@ After=network.target postgres.service User=taler-exchange-closer Type=simple Restart=always +RestartMode=direct RestartSec=1s -ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-exchange.taler-exchange-expire.service b/debian/taler-exchange.taler-exchange-expire.service index 250f210fe..8fd9a9f74 100644 --- a/debian/taler-exchange.taler-exchange-expire.service +++ b/debian/taler-exchange.taler-exchange-expire.service @@ -7,8 +7,10 @@ After=postgres.service User=taler-exchange-expire Type=simple Restart=always +RestartMode=direct RestartSec=1s -ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes 
diff --git a/debian/taler-exchange.taler-exchange-httpd.service b/debian/taler-exchange.taler-exchange-httpd.service index 3671bdc7d..cbde72522 100644 --- a/debian/taler-exchange.taler-exchange-httpd.service +++ b/debian/taler-exchange.taler-exchange-httpd.service @@ -12,7 +12,9 @@ Type=simple # Depending on the configuration, the service process kills itself and then # needs to be restarted. Thus no significant delay on restarts. Restart=always +RestartMode=direct RestartSec=1ms +RestartPreventExitStatus=2 3 4 5 6 9 # Disable the service if more than 5 restarts are encountered within 5s. # These are usually the systemd defaults, but can be overwritten, thus we set @@ -21,7 +23,7 @@ RestartSec=1ms StartLimitBurst=5 StartLimitInterval=5s -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no diff --git a/debian/taler-exchange.taler-exchange-httpd@.service b/debian/taler-exchange.taler-exchange-httpd@.service index e0246899c..c4d010b80 100644 --- a/debian/taler-exchange.taler-exchange-httpd@.service +++ b/debian/taler-exchange.taler-exchange-httpd@.service @@ -1,4 +1,9 @@ -% This is a systemd service template. +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + [Unit] Description=GNU Taler payment system exchange REST API at %I AssertPathExists=/run/taler/exchange-httpd @@ -14,8 +19,9 @@ Type=simple Restart=always # Do not dally on restarts. RestartSec=1ms +RestartPreventExitStatus=9 EnvironmentFile=/etc/environment -ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no 
diff --git a/debian/taler-exchange.taler-exchange-secmod-cs.service b/debian/taler-exchange.taler-exchange-secmod-cs.service index 3b5e0745d..b11c04552 100644 --- a/debian/taler-exchange.taler-exchange-secmod-cs.service +++ b/debian/taler-exchange.taler-exchange-secmod-cs.service @@ -8,7 +8,8 @@ User=taler-exchange-secmod-cs Type=simple Restart=always RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service b/debian/taler-exchange.taler-exchange-secmod-eddsa.service index e8fba1736..17f1da3f5 100644 --- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service +++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service @@ -8,7 +8,8 @@ User=taler-exchange-secmod-eddsa Type=simple Restart=always RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no @@ -16,4 +17,3 @@ PrivateDevices=yes ProtectSystem=full IPAddressDeny=any Slice=taler-exchange.slice - diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service b/debian/taler-exchange.taler-exchange-secmod-rsa.service index 10a9585a7..854737d03 100644 --- a/debian/taler-exchange.taler-exchange-secmod-rsa.service +++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service @@ -8,7 +8,8 @@ User=taler-exchange-secmod-rsa Type=simple Restart=always RestartSec=100ms -ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=no 
diff --git a/debian/taler-exchange.taler-exchange-transfer.service b/debian/taler-exchange.taler-exchange-transfer.service index e26af20d0..ffe2f1955 100644 --- a/debian/taler-exchange.taler-exchange-transfer.service +++ b/debian/taler-exchange.taler-exchange-transfer.service @@ -7,8 +7,10 @@ PartOf=taler-exchange.target User=taler-exchange-wire Type=simple Restart=always +RestartMode=direct RestartSec=1s -ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-exchange.taler-exchange-wirewatch.service b/debian/taler-exchange.taler-exchange-wirewatch.service index 7b74737b7..40103bb51 100644 --- a/debian/taler-exchange.taler-exchange-wirewatch.service +++ b/debian/taler-exchange.taler-exchange-wirewatch.service @@ -7,9 +7,11 @@ PartOf=taler-exchange.target User=taler-exchange-wire Type=simple Restart=always +RestartMode=direct RestartSec=1s +RestartPreventExitStatus=2 3 4 5 6 9 RuntimeMaxSec=3600s -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-exchange.taler-exchange-wirewatch@.service b/debian/taler-exchange.taler-exchange-wirewatch@.service index 85bb9268b..a2836c6b9 100644 --- a/debian/taler-exchange.taler-exchange-wirewatch@.service +++ b/debian/taler-exchange.taler-exchange-wirewatch@.service @@ -1,3 +1,9 @@ +# This is a systemd service template to instantiate +# the service multiple times for parallelism. +# We currently don't ship it with the package, +# but might use it for future high-performance +# deployments. + [Unit] Description=GNU Taler payment system exchange wirewatch service After=network.target 
@@ -8,7 +14,8 @@ User=taler-exchange-wire Type=simple Restart=always RestartSec=1s -ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +RestartPreventExitStatus=9 +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO StandardOutput=journal StandardError=journal PrivateTmp=yes diff --git a/debian/taler-terms-generator.install b/debian/taler-terms-generator.install new file mode 100644 index 000000000..19972ffc7 --- /dev/null +++ b/debian/taler-terms-generator.install @@ -0,0 +1,8 @@ +usr/share/man/man1/taler-terms-generator.1 +usr/bin/taler-terms-generator + +# Terms of service / privacy policy templates +usr/share/taler/terms/*.rst + +# Translations of ToS/PP +usr/share/locale/*/LC_MESSAGES/*.po |