summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog117
-rw-r--r--debian/control33
-rw-r--r--debian/etc-libtalerexchange/taler/taler.conf12
-rw-r--r--debian/etc-taler-auditor/nginx/sites-available/taler-auditor23
-rw-r--r--debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf2
-rw-r--r--debian/etc-taler-exchange/nginx/sites-available/taler-exchange7
-rw-r--r--debian/etc-taler-exchange/taler/conf.d/exchange-business.conf25
-rw-r--r--debian/etc-taler-exchange/taler/conf.d/exchange-system.conf3
-rw-r--r--debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf (renamed from debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf)0
-rw-r--r--debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf2
-rw-r--r--debian/libtalerexchange-dev.install18
-rw-r--r--debian/libtalerexchange.install2
-rw-r--r--debian/libtalerexchange.postinst28
-rwxr-xr-xdebian/rules2
-rw-r--r--debian/taler-auditor.install6
-rw-r--r--debian/taler-auditor.postinst5
-rw-r--r--debian/taler-auditor.postrm9
-rw-r--r--debian/taler-auditor.taler-auditor-httpd.service3
-rw-r--r--debian/taler-auditor.taler-helper-auditor-deposits.service15
-rw-r--r--debian/taler-exchange-database.install2
-rw-r--r--debian/taler-exchange-offline.postinst13
-rw-r--r--debian/taler-exchange-offline.taler-exchange-offline.service36
-rw-r--r--debian/taler-exchange-offline.taler-exchange-offline.timer20
-rw-r--r--debian/taler-exchange.install22
-rw-r--r--debian/taler-exchange.postinst14
-rw-r--r--debian/taler-exchange.postrm26
-rw-r--r--debian/taler-exchange.taler-exchange-aggregator.service8
-rw-r--r--debian/taler-exchange.taler-exchange-aggregator@.service12
-rw-r--r--debian/taler-exchange.taler-exchange-closer.service8
-rw-r--r--debian/taler-exchange.taler-exchange-expire.service8
-rw-r--r--debian/taler-exchange.taler-exchange-httpd.service18
-rw-r--r--debian/taler-exchange.taler-exchange-httpd@.service10
-rw-r--r--debian/taler-exchange.taler-exchange-secmod-cs.service3
-rw-r--r--debian/taler-exchange.taler-exchange-secmod-eddsa.service4
-rw-r--r--debian/taler-exchange.taler-exchange-secmod-rsa.service3
-rw-r--r--debian/taler-exchange.taler-exchange-transfer.service9
-rw-r--r--debian/taler-exchange.taler-exchange-wirewatch.service9
-rw-r--r--debian/taler-exchange.taler-exchange-wirewatch@.service12
-rw-r--r--debian/taler-exchange.tmpfiles3
-rw-r--r--debian/taler-terms-generator.install8
40 files changed, 472 insertions, 88 deletions
diff --git a/debian/changelog b/debian/changelog
index 1bff0832b..0e86cc611 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,120 @@
+taler-exchange (0.10.0) unstable; urgency=low
+
+ * Fixed major issue where uploading wire data to an
+ exchange twice would result in broken signatures and
+ a permanently non-working account.
+ * Implemented #8000, allowing an exchange to express
+ preferences over the different bank accounts so that
+ users are shown the best choices to withdraw from first.
+ * This version requires a more recent GNUnet (>= 0.21.1).
+
+ -- Christian Grothoff <grothoff@gnu.org> Sat, 9 Mar 2024 21:50:12 +0200
+
+taler-exchange (0.9.4-2) unstable; urgency=low
+
+ * Created new taler-terms-generator package
+ * v0.9.4a bugfix release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Mon, 3 Mar 2024 21:50:12 +0200
+
+taler-exchange (0.9.4-1) unstable; urgency=low
+
+ * Actual v0.9.4 release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Sat, 10 Feb 2024 03:50:12 +0200
+
+taler-exchange (0.9.4) unstable; urgency=low
+
+ * Preparations for v0.9.4 release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Sun, 21 Jan 2024 03:50:12 +0200
+
+taler-exchange (0.9.3-7) unstable; urgency=low
+
+ * Move currencies.conf into libtalerexchange base package.
+
+ -- Christian Grothoff <grothoff@gnu.org> Tue, 15 Dec 2023 18:50:12 -0700
+
+taler-exchange (0.9.3-6) unstable; urgency=low
+
+ * Generate proper markdown in taler-terms-generator.
+ * Return language code for legal terms.
+
+ -- Christian Grothoff <grothoff@gnu.org> Tue, 13 Dec 2023 18:50:12 -0700
+
+taler-exchange (0.9.3-5) unstable; urgency=low
+
+ * More fixes to the database setup automation scripts.
+ * Implement latest /config API in fakebank.
+
+ -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Dec 2023 00:50:12 -0800
+
+taler-exchange (0.9.3-4) unstable; urgency=low
+
+ * Minor hot-fixes to the database setup automation script.
+
+ -- Christian Grothoff <grothoff@gnu.org> Fri, 1 Dec 2023 10:50:12 -0800
+
+taler-exchange (0.9.3-3) unstable; urgency=low
+
+ * This packages the v0.9.3b bugfix release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200
+
+taler-exchange (0.9.3-2) unstable; urgency=low
+
+ * This packages the v0.9.3a bugfix release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200
+
+taler-exchange (0.9.3-1) unstable; urgency=low
+
+ * Actual v0.9.3 release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Wed, 27 Sep 2023 03:50:12 +0200
+
+taler-exchange (0.9.3) unstable; urgency=low
+
+ * First work towards packaging v0.9.3.
+
+ -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Sep 2023 23:50:12 +0200
+
+taler-exchange (0.9.2-3) unstable; urgency=low
+
+ * Improvements to timeout handling when DB is not available yet.
+
+ -- Florian Dold <dold@taler.net> Tue, 14 Mar 2023 12:30:15 +0100
+
+taler-exchange (0.9.2-2) unstable; urgency=low
+
+ * Further improvements to Debian package.
+
+ -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200
+
+taler-exchange (0.9.2-1) unstable; urgency=low
+
+ * Minor improvements to Debian package, also adds age-withdraw REST APIs.
+
+ -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200
+
+taler-exchange (0.9.2) unstable; urgency=low
+
+ * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Tue, 21 Feb 2023 13:50:12 +0200
+
+taler-exchange (0.9.1) unstable; urgency=low
+
+ * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Tue, 17 Jan 2023 11:50:12 +0200
+
+taler-exchange (0.9.0) unstable; urgency=low
+
+ * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org> Sat, 5 Nov 2022 11:50:12 +0200
+
taler-exchange (0.8.99-2) unstable; urgency=low
* Packaging latest pre-release from Git.
diff --git a/debian/control b/debian/control
index 995b5d3ee..fd6dfc158 100644
--- a/debian/control
+++ b/debian/control
@@ -7,22 +7,21 @@ Build-Depends:
automake (>=1.11.1),
autopoint,
bash,
+ gcc-12,
debhelper-compat (= 12),
gettext,
- libgnunet-dev (>=0.17.1),
+ libgnunet-dev (>=0.21),
libcurl4-gnutls-dev (>=7.35.0) | libcurl4-openssl-dev (>= 7.35.0),
libgcrypt20-dev (>=1.8),
libgnutls28-dev (>=3.2.12),
libidn2-dev,
- libjansson-dev,
+ libjansson-dev (>= 2.13),
libltdl-dev (>=2.2),
libmicrohttpd-dev (>=0.9.71),
- libpq-dev (>=13),
+ libpq-dev (>=14),
libsodium-dev (>=1.0.11),
libunistring-dev (>=0.9.2),
- python3-jinja2,
po-debconf,
- python3-dev,
texinfo (>=5.2),
zlib1g-dev
Standards-Version: 4.5.0
@@ -46,6 +45,21 @@ Description: Libraries to talk to a GNU Taler exchange.
various base configuration files and associated
documentation.
+Package: taler-terms-generator
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ lsb-base,
+ pandoc,
+ groff,
+ ghostscript,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: Tool to generate the terms of service
+ and privacy policy for various languages and data
+ formats. Useful for various GNU Taler components.
+
Package: taler-exchange-database
Architecture: any
Pre-Depends:
@@ -71,12 +85,13 @@ Depends:
lsb-base,
netbase,
ucf,
- dbconfig-pgsql | dbconfig-no-thanks,
${misc:Depends},
${shlibs:Depends}
Recommends:
taler-exchange-offline (= ${binary:Version}),
- postgresql (>=13.0)
+ taler-terms-generator,
+ apache2 | nginx | httpd,
+ postgresql (>=14.0)
Description: GNU's payment system operator.
GNU Taler is the privacy-preserving digital payment
system from the GNU project. This package contains the
@@ -124,8 +139,6 @@ Depends:
adduser,
lsb-base,
netbase,
- dbconfig-pgsql | dbconfig-no-thanks,
- python3-jinja2,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system auditor.
@@ -143,7 +156,7 @@ Section: libdevel
Architecture: any
Depends:
libtalerexchange (= ${binary:Version}),
- libgnunet-dev (>=0.17.1),
+ libgnunet-dev (>=0.21),
libgcrypt20-dev (>=1.8),
libmicrohttpd-dev (>=0.9.71),
${misc:Depends},
diff --git a/debian/etc-libtalerexchange/taler/taler.conf b/debian/etc-libtalerexchange/taler/taler.conf
index 71663be5e..2cf815656 100644
--- a/debian/etc-libtalerexchange/taler/taler.conf
+++ b/debian/etc-libtalerexchange/taler/taler.conf
@@ -30,14 +30,16 @@
# systems is always rounded to this unit.
#currency_round_unit = KUDOS:0.01
+# Monthly amount that mandatorily triggers an AML check
+#AML_THRESHOLD = KUDOS:10000000
[paths]
-TALER_HOME = /var/lib/taler
-TALER_RUNTIME_DIR = /run/taler
-TALER_CACHE_HOME = /var/cache/taler
-TALER_CONFIG_HOME = /etc/taler
-TALER_DATA_HOME = /var/lib/taler
+TALER_HOME = /var/lib/taler/
+TALER_RUNTIME_DIR = /run/taler/
+TALER_CACHE_HOME = /var/cache/taler/
+TALER_CONFIG_HOME = /etc/taler/
+TALER_DATA_HOME = /var/lib/taler/
# Inline configurations from all Taler components.
diff --git a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
index 3fdffdad3..f74035d53 100644
--- a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
+++ b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
@@ -1,7 +1,18 @@
-location /taler-auditor/ {
- proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name localhost;
+
+ access_log /var/log/nginx/auditor.log;
+ error_log /var/log/nginx/auditor.err;
+
+ location /taler-auditor/ {
+ proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "localhost";
+ #proxy_set_header X-Forwarded-Proto "https";
+ }
} \ No newline at end of file
diff --git a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf
index b81bb817f..1278a563b 100644
--- a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf
+++ b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf
@@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form:
-CONFIG=postgres:///DATABASE
+CONFIG=postgres:///taler-auditor
# The details of the URI depend on where the database lives and how
# access control was configured.
diff --git a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
index 13ab88633..9b61a32df 100644
--- a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
+++ b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
@@ -2,13 +2,16 @@ server {
listen 80;
listen [::]:80;
- #server_name example.com;
+ server_name localhost;
+
+ access_log /var/log/nginx/exchange.log;
+ error_log /var/log/nginx/exchange.err;
location /taler-exchange/ {
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
proxy_redirect off;
proxy_set_header Host $host;
- #proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
}
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
index 554852a14..d5938f2b1 100644
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
@@ -6,11 +6,19 @@
# which you can get using `taler-exchange-offline setup`.
# This is just an example, your key will be different!
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
-MASTER_PUBLIC_KEY =
+# MASTER_PUBLIC_KEY =
# Publicly visible base URL of the exchange.
# BASE_URL = https://example.com/
-BASE_URL =
+# BASE_URL =
+
+# Here you MUST configure the amount above which transactions are
+# always subject to manual AML review.
+# AML_THRESHOLD =
+
+# Attribute encryption key for storing attributes encrypted
+# in the database. Should be a high-entropy nonce.
+ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE
# For your terms of service and privacy policy, you should specify
# an Etag that must be updated whenever there are significant
@@ -20,18 +28,23 @@ BASE_URL =
# TERMS_ETAG =
# PRIVACY_ETAG =
+SERVE = unix
+UNIXPATH_MODE = 666
# Bank accounts used by the exchange should be specified here:
[exchange-account-1]
-enable_credit = yes
-enable_debit = yes
+ENABLE_CREDIT = NO
+ENABLE_DEBIT = NO
# Account identifier in the form of an RFC-8905 payto:// URI.
# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
# Make sure to URL-encode spaces in $NAME!
-payto_uri =
+PAYTO_URI =
# Credentials to access the account are in a separate
# config file with restricted permissions.
-@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials.secret.conf
+@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf
+
+
+
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
index 75c670f71..4ad7e06f6 100644
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
@@ -8,3 +8,6 @@
# Only supported database is Postgres right now.
DATABASE = postgres
+
+
+
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf
index 8c8d14320..8c8d14320 100644
--- a/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
index 596dcc92b..08c20074c 100644
--- a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
@@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form:
-CONFIG=postgres:///DATABASE
+CONFIG=postgres:///taler-exchange
# The details of the URI depend on where the database lives and how
# access control was configured.
diff --git a/debian/libtalerexchange-dev.install b/debian/libtalerexchange-dev.install
index e21973509..aa1de818a 100644
--- a/debian/libtalerexchange-dev.install
+++ b/debian/libtalerexchange-dev.install
@@ -1,13 +1,20 @@
# Benchmarks, only install them for the dev package.
usr/bin/taler-aggregator-benchmark
+usr/bin/taler-bank-benchmark
usr/bin/taler-exchange-benchmark
+usr/bin/taler-exchange-kyc-tester
usr/bin/taler-fakebank-run
-usr/bin/taler-bank-benchmark
+usr/bin/taler-unified-setup.sh
+usr/bin/taler-exchange-kyc-oauth2-test-converter.sh
+
+# Man pages
+usr/share/man/man1/taler-aggregator-benchmark*
+usr/share/man/man1/taler-bank-benchmark*
+usr/share/man/man1/taler-exchange-kyc-tester*
+usr/share/man/man1/taler-exchange-benchmark*
+usr/share/man/man1/taler-fakebank-run*
+usr/share/man/man1/taler-unified-setup*
-# Only used in test cases. Maybe these
-# shouldn't even be installed?
-usr/bin/taler-nexus-prepare
-usr/bin/taler-bank-manage-testing
# Headers
usr/include/taler/*
@@ -22,5 +29,4 @@ usr/lib/*/libtalertesting.so
usr/lib/*/libtalerfakebank.so
# Documentation
-usr/share/man/man1/taler-exchange-benchmark*
usr/share/info/taler-developer-manual*
diff --git a/debian/libtalerexchange.install b/debian/libtalerexchange.install
index 62dd84a61..f3c52ba8d 100644
--- a/debian/libtalerexchange.install
+++ b/debian/libtalerexchange.install
@@ -2,9 +2,9 @@ usr/lib/*/libtaler*.so.*
# FIXME: All this should eventually go into taler-base.
usr/share/taler/config.d/paths.conf
+usr/share/taler/config.d/currencies.conf
usr/share/taler/config.d/taler.conf
debian/etc-libtalerexchange/* etc/
usr/bin/taler-config
-usr/bin/taler-crypto-worker
usr/share/man/man5/taler.conf.5
usr/share/man/man1/taler-config*
diff --git a/debian/libtalerexchange.postinst b/debian/libtalerexchange.postinst
new file mode 100644
index 000000000..40b4be061
--- /dev/null
+++ b/debian/libtalerexchange.postinst
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+configure)
+
+ if ! dpkg-statoverride --list /etc/taler/taler.conf >/dev/null 2>&1; then
+ dpkg-statoverride --add --update \
+ root root 644 \
+ /etc/taler/taler.conf
+ fi
+
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+*)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
index aef4bf5f8..6bdc2edd1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,7 @@ override_dh_installsystemd:
# and dh_installsystemd by default only looks for "<package>.service".
dh_installsystemd -ptaler-exchange --name=taler-exchange-httpd --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-aggregator --no-start --no-enable
+ dh_installsystemd -ptaler-exchange --name=taler-exchange-expire --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-transfer --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-wirewatch --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange-secmod-cs --no-start --no-enable
@@ -46,6 +47,7 @@ override_dh_installsystemd:
dh_installsystemd -ptaler-exchange --name=taler-exchange-closer --no-start --no-enable
dh_installsystemd -ptaler-auditor --name=taler-auditor-httpd --no-start --no-enable
dh_installsystemd -ptaler-exchange --name=taler-exchange --no-start --no-enable
+ dh_installsystemd -ptaler-exchange-offline --name=taler-exchange-offline --no-start --no-enable
# final invocation to generate daemon reload
dh_installsystemd
diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install
index 0d7d941a0..4f3d5a1b2 100644
--- a/debian/taler-auditor.install
+++ b/debian/taler-auditor.install
@@ -1,16 +1,20 @@
usr/bin/taler-auditor
+usr/bin/taler-auditor-dbconfig
usr/bin/taler-auditor-dbinit
-usr/bin/taler-auditor-exchange
usr/bin/taler-auditor-httpd
usr/bin/taler-auditor-offline
usr/bin/taler-auditor-sync
usr/bin/taler-helper-auditor-*
+
usr/lib/*/taler/libtaler_plugin_auditor*.so
usr/lib/*/libauditor*
usr/lib/*/libtalerauditordb*
+
usr/share/man/man1/taler-auditor*
usr/share/man/man1/taler-helper-auditor*
+
usr/share/info/taler-auditor*
+
usr/share/taler/config.d/auditor*
usr/share/taler/sql/auditor/*
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
index 4e89be226..847e4aac1 100644
--- a/debian/taler-auditor.postinst
+++ b/debian/taler-auditor.postinst
@@ -20,9 +20,10 @@ configure)
adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME}
fi
- if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1; then
+ if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1
+ then
dpkg-statoverride --add --update \
- ${_USERNAME} ${_GROUPNAME} 660 \
+ ${_USERNAME} ${_GROUPNAME} 640 \
/etc/taler/secrets/auditor-db.secret.conf
fi
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
index 752510e63..639e3241e 100644
--- a/debian/taler-auditor.postrm
+++ b/debian/taler-auditor.postrm
@@ -6,9 +6,16 @@ if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
+_USERNAME=taler-auditor-httpd
+_GROUPNAME=taler-auditor-httpd
+
case "${1}" in
purge)
- ;;
+ dpkg-statoverride --remove \
+ /etc/taler/secrets/auditor-db.secret.conf || true
+ deluser --system --quiet ${_USERNAME} || true
+ delgroup --only-if-empty --quiet ${_GROUPNAME} || true
+ ;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
*)
diff --git a/debian/taler-auditor.taler-auditor-httpd.service b/debian/taler-auditor.taler-auditor-httpd.service
index 9aefab641..ac68e41c8 100644
--- a/debian/taler-auditor.taler-auditor-httpd.service
+++ b/debian/taler-auditor.taler-auditor-httpd.service
@@ -6,7 +6,8 @@ After=postgres.service network.target
User=taler-auditor-httpd
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf -L INFO
[Install]
WantedBy=multi-user.target
diff --git a/debian/taler-auditor.taler-helper-auditor-deposits.service b/debian/taler-auditor.taler-helper-auditor-deposits.service
new file mode 100644
index 000000000..7185a8d52
--- /dev/null
+++ b/debian/taler-auditor.taler-helper-auditor-deposits.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=GNU Taler auditor helper reporting confirmation deposits
+After=postgres.service
+
+[Service]
+User=taler-auditor-httpd
+Type=simple
+Restart=always
+RestartSec=1s
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-helper-auditor-deposits -c /etc/taler/taler.conf -L INFO
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange-database.install b/debian/taler-exchange-database.install
index 56332366d..da8b0dc47 100644
--- a/debian/taler-exchange-database.install
+++ b/debian/taler-exchange-database.install
@@ -1,5 +1,7 @@
+usr/bin/taler-exchange-dbconfig
usr/bin/taler-exchange-dbinit
usr/lib/*/taler/libtaler_plugin_exchange*.so
+usr/share/man/man1/taler-exchange-dbconfig.1
usr/share/man/man1/taler-exchange-dbinit.1
usr/share/taler/sql/exchange/*
usr/share/taler/config.d/exchangedb.conf
diff --git a/debian/taler-exchange-offline.postinst b/debian/taler-exchange-offline.postinst
index e22ad5920..337bfa5d4 100644
--- a/debian/taler-exchange-offline.postinst
+++ b/debian/taler-exchange-offline.postinst
@@ -4,20 +4,21 @@ set -e
. /usr/share/debconf/confmodule
-TALER_HOME="/var/lib/taler"
-
case "${1}" in
configure)
if ! getent group taler-exchange-offline >/dev/null; then
- addgroup --quiet --system taler-exchange-offline
+ addgroup --quiet taler-exchange-offline
fi
if ! getent passwd taler-exchange-offline >/dev/null; then
- adduser --quiet --system \
+ adduser --quiet \
+ --disabled-password \
+ --system \
+ --shell /bin/bash \
+ --home /home/taler-exchange-offline \
--ingroup taler-exchange-offline \
- --no-create-home \
- --home ${TALER_HOME} taler-exchange-offline
+ taler-exchange-offline
fi
;;
diff --git a/debian/taler-exchange-offline.taler-exchange-offline.service b/debian/taler-exchange-offline.taler-exchange-offline.service
new file mode 100644
index 000000000..9f6227d40
--- /dev/null
+++ b/debian/taler-exchange-offline.taler-exchange-offline.service
@@ -0,0 +1,36 @@
+# This file is in the public domain.
+#
+# This service is expected to be run via the respective
+# timer to ensure that the keys and fees of the exchange
+# are always current.
+#
+# You are expected to edit it to match your desired
+# setup!
+#
+[Unit]
+Description=Daily taler-exchange-offline run
+Documentation=man:taler-exchange-offline(1)
+
+[Service]
+Type=oneshot
+User=taler-exchange-offline
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+Environment="FIAT_CURRENCY=CHF"
+Environment="REGIO_CURRENCY=NETZBON"
+
+ExecStart=taler-exchange-offline \
+ download \
+ sign \
+ wire-fee now \
+ iban "${FIAT_CURRENCY}":0 "${FIAT_CURRENCY}":0 \
+ wire-fee now \
+ x-taler-bank "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 \
+ global-fee now \
+ "${REGIO_CURRENCY}:0" \
+ "${REGIO_CURRENCY}:0" \
+ "${REGIO_CURRENCY}:0"
+ 4w 6y 4 \
+ upload
diff --git a/debian/taler-exchange-offline.taler-exchange-offline.timer b/debian/taler-exchange-offline.taler-exchange-offline.timer
new file mode 100644
index 000000000..5e605e818
--- /dev/null
+++ b/debian/taler-exchange-offline.taler-exchange-offline.timer
@@ -0,0 +1,20 @@
+# This file is in the public domain.
+#
+# Note that this timer is deliberately NOT active
+# by default as it is ONLY applicable if the
+# taler-exchange-offline tool is run on the *online*
+# service and not actually offline. It is provided
+# for convenience in setups that do not use offline
+# signing. You may need to adjust the
+# taler-exchange-offline.service file before using it!
+[Unit]
+Description=taler-exchange-offline maintenance
+Documentation=man:taler-exchange-offline(1)
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index 0af0788ae..f8fef2c3b 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,8 +1,12 @@
usr/bin/taler-exchange-aggregator
usr/bin/taler-exchange-closer
-usr/bin/taler-exchange-dbinit
+usr/bin/taler-exchange-drain
usr/bin/taler-exchange-expire
usr/bin/taler-exchange-httpd
+usr/bin/taler-exchange-kyc-aml-pep-trigger.sh
+usr/bin/taler-exchange-kyc-oauth2-challenger.sh
+usr/bin/taler-exchange-kyc-kycaid-converter.sh
+usr/bin/taler-exchange-kyc-persona-converter.sh
usr/bin/taler-exchange-router
usr/bin/taler-exchange-secmod-cs
usr/bin/taler-exchange-secmod-eddsa
@@ -10,25 +14,27 @@ usr/bin/taler-exchange-secmod-rsa
usr/bin/taler-exchange-transfer
usr/bin/taler-exchange-wirewatch
usr/bin/taler-exchange-wire-gateway-client
+usr/lib/*/taler/libtaler_plugin_kyclogic_*.so
+usr/lib/*/taler/libtaler_extension_*.so
usr/share/man/man1/taler-exchange-aggregator*
usr/share/man/man1/taler-exchange-closer*
+usr/share/man/man1/taler-exchange-dbconfig*
usr/share/man/man1/taler-exchange-dbinit*
+usr/share/man/man1/taler-exchange-drain*
usr/share/man/man1/taler-exchange-expire*
usr/share/man/man1/taler-exchange-httpd*
+usr/share/man/man1/taler-exchange-kyc-aml-pep-trigger*
usr/share/man/man1/taler-exchange-router*
+usr/share/man/man1/taler-exchange-secmod-cs*
usr/share/man/man1/taler-exchange-secmod-eddsa*
usr/share/man/man1/taler-exchange-secmod-rsa*
-usr/share/man/man1/taler-exchange-secmod-cs*
usr/share/man/man1/taler-exchange-transfer*
-usr/share/man/man1/taler-exchange-wirewatch*
-usr/share/man/man1/taler-bank*
usr/share/man/man1/taler-exchange-wire-gateway-client*
-usr/share/info/taler-bank*
+usr/share/man/man1/taler-exchange-wirewatch*
usr/share/info/taler-exchange*
usr/share/taler/config.d/*
+usr/share/taler/exchange/templates/*.must
+usr/share/taler/exchange/spa/*
# configuration files in /etc/taler
debian/etc-taler-exchange/* etc/
-
-usr/share/taler/exchange/pp/*/*
-usr/share/taler/exchange/tos/*/*
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index b68ee19f4..7509a7749 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -13,6 +13,7 @@ _CSECUSERNAME=taler-exchange-secmod-cs
_RSECUSERNAME=taler-exchange-secmod-rsa
_ESECUSERNAME=taler-exchange-secmod-eddsa
_AGGRUSERNAME=taler-exchange-aggregator
+_EXPIUSERNAME=taler-exchange-expire
_WIREUSERNAME=taler-exchange-wire
case "${1}" in
@@ -30,6 +31,7 @@ configure)
if ! getent passwd ${_EUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
+ adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
@@ -52,16 +54,20 @@ configure)
adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_AGGRUSERNAME}
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
fi
+ if ! getent passwd ${_EXPIUSERNAME} >/dev/null; then
+ adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_EXPIUSERNAME}
+ adduser --quiet ${_EXPIUSERNAME} ${_DBGROUPNAME}
+ fi
- if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then
+ if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
- ${_WIREUSERNAME} root 460 \
- /etc/taler/secrets/exchange-accountcredentials.secret.conf
+ ${_WIREUSERNAME} root 640 \
+ /etc/taler/secrets/exchange-accountcredentials-1.secret.conf
fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
- root ${_DBGROUPNAME} 660 \
+ root ${_DBGROUPNAME} 640 \
/etc/taler/secrets/exchange-db.secret.conf
fi
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
index 6488d268b..fcde84b58 100644
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@@ -2,6 +2,18 @@
set -e
+_GROUPNAME=taler-exchange-secmod
+_DBGROUPNAME=taler-exchange-db
+_EUSERNAME=taler-exchange-httpd
+_CLOSERUSERNAME=taler-exchange-closer
+_CSECUSERNAME=taler-exchange-secmod-cs
+_RSECUSERNAME=taler-exchange-secmod-rsa
+_ESECUSERNAME=taler-exchange-secmod-eddsa
+_AGGRUSERNAME=taler-exchange-aggregator
+_EXPIUSERNAME=taler-exchange-expire
+_WIREUSERNAME=taler-exchange-wire
+
+
if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
@@ -9,6 +21,20 @@ fi
case "${1}" in
purge)
rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-*
+ dpkg-statoverride --remove \
+ /etc/taler/secrets/exchange-accountcredentials-1.secret.conf || true
+ dpkg-statoverride --remove \
+ /etc/taler/secrets/exchange-db.secret.conf || true
+ deluser --quiet --system ${_CSECUSERNAME} || true
+ deluser --quiet --system ${_RSECUSERNAME} || true
+ deluser --quiet --system ${_ESECUSERNAME} || true
+ deluser --quiet --system ${_AGGRUSERNAME} || true
+ deluser --quiet --system ${_EXPIUSERNAME} || true
+ deluser --quiet --system ${_WIREUSERNAME} || true
+ deluser --quiet --system ${_CLOSERUSERNAME} || true
+ deluser --quiet --system ${_EUSERNAME} || true
+ delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true
+ delgroup --only-if-empty --quiet ${_GROUPNAME} || true
;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
diff --git a/debian/taler-exchange.taler-exchange-aggregator.service b/debian/taler-exchange.taler-exchange-aggregator.service
index aa4f32e38..db297270f 100644
--- a/debian/taler-exchange.taler-exchange-aggregator.service
+++ b/debian/taler-exchange.taler-exchange-aggregator.service
@@ -1,16 +1,20 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
+After=postgres.service
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.taler-exchange-aggregator@.service b/debian/taler-exchange.taler-exchange-aggregator@.service
index aa4f32e38..b13997ae2 100644
--- a/debian/taler-exchange.taler-exchange-aggregator@.service
+++ b/debian/taler-exchange.taler-exchange-aggregator@.service
@@ -1,3 +1,9 @@
+# This is a systemd service template to instantiate
+# the service multiple times for parallelism.
+# We currently don't ship it with the package,
+# but might use it for future high-performance
+# deployments.
+
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
@@ -6,11 +12,13 @@ PartOf=taler-exchange.target
User=taler-exchange-aggregator
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
+RestartSec=1s
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.taler-exchange-closer.service b/debian/taler-exchange.taler-exchange-closer.service
index d3a654cc7..ba57522b0 100644
--- a/debian/taler-exchange.taler-exchange-closer.service
+++ b/debian/taler-exchange.taler-exchange-closer.service
@@ -1,16 +1,20 @@
[Unit]
Description=GNU Taler payment system exchange closer service
PartOf=taler-exchange.target
+After=network.target postgres.service
[Service]
User=taler-exchange-closer
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.taler-exchange-expire.service b/debian/taler-exchange.taler-exchange-expire.service
index e4432f231..8fd9a9f74 100644
--- a/debian/taler-exchange.taler-exchange-expire.service
+++ b/debian/taler-exchange.taler-exchange-expire.service
@@ -1,16 +1,20 @@
[Unit]
Description=GNU Taler payment system exchange expire service
PartOf=taler-exchange.target
+After=postgres.service
[Service]
User=taler-exchange-expire
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.taler-exchange-httpd.service b/debian/taler-exchange.taler-exchange-httpd.service
index 98d76f6fb..cbde72522 100644
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@@ -8,12 +8,22 @@ PartOf=taler-exchange.target
[Service]
User=taler-exchange-httpd
Type=simple
-# Depending on the configuration, the service suicides and then
-# needs to be restarted.
+
+# Depending on the configuration, the service process kills itself and then
+# needs to be restarted. Thus no significant delay on restarts.
Restart=always
-# Do not dally on restarts.
+RestartMode=direct
RestartSec=1ms
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
+RestartPreventExitStatus=2 3 4 5 6 9
+
+# Disable the service if more than 5 restarts are encountered within 5s.
+# These are usually the systemd defaults, but can be overwritten, thus we set
+# them here explicitly, as the exchange code assumes StartLimitInterval
+# to be >=5s.
+StartLimitBurst=5
+StartLimitInterval=5s
+
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-httpd@.service b/debian/taler-exchange.taler-exchange-httpd@.service
index e0246899c..c4d010b80 100644
--- a/debian/taler-exchange.taler-exchange-httpd@.service
+++ b/debian/taler-exchange.taler-exchange-httpd@.service
@@ -1,4 +1,9 @@
-% This is a systemd service template.
+# This is a systemd service template to instantiate
+# the service multiple times for parallelism.
+# We currently don't ship it with the package,
+# but might use it for future high-performance
+# deployments.
+
[Unit]
Description=GNU Taler payment system exchange REST API at %I
AssertPathExists=/run/taler/exchange-httpd
@@ -14,8 +19,9 @@ Type=simple
Restart=always
# Do not dally on restarts.
RestartSec=1ms
+RestartPreventExitStatus=9
EnvironmentFile=/etc/environment
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-secmod-cs.service b/debian/taler-exchange.taler-exchange-secmod-cs.service
index 3b5e0745d..b11c04552 100644
--- a/debian/taler-exchange.taler-exchange-secmod-cs.service
+++ b/debian/taler-exchange.taler-exchange-secmod-cs.service
@@ -8,7 +8,8 @@ User=taler-exchange-secmod-cs
Type=simple
Restart=always
RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
index e8fba1736..17f1da3f5 100644
--- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@@ -8,7 +8,8 @@ User=taler-exchange-secmod-eddsa
Type=simple
Restart=always
RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=no
@@ -16,4 +17,3 @@ PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice
-
diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service b/debian/taler-exchange.taler-exchange-secmod-rsa.service
index 10a9585a7..854737d03 100644
--- a/debian/taler-exchange.taler-exchange-secmod-rsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@@ -8,7 +8,8 @@ User=taler-exchange-secmod-rsa
Type=simple
Restart=always
RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-transfer.service b/debian/taler-exchange.taler-exchange-transfer.service
index c7187b30e..ffe2f1955 100644
--- a/debian/taler-exchange.taler-exchange-transfer.service
+++ b/debian/taler-exchange.taler-exchange-transfer.service
@@ -1,17 +1,20 @@
[Unit]
Description=Taler Exchange Transfer Service
-After=network.target
+After=network.target postgres.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.taler-exchange-wirewatch.service b/debian/taler-exchange.taler-exchange-wirewatch.service
index e49472143..40103bb51 100644
--- a/debian/taler-exchange.taler-exchange-wirewatch.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch.service
@@ -1,14 +1,17 @@
[Unit]
Description=GNU Taler payment system exchange wirewatch service
-After=network.target
+After=network.target postgres.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+RuntimeMaxSec=3600s
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
diff --git a/debian/taler-exchange.taler-exchange-wirewatch@.service b/debian/taler-exchange.taler-exchange-wirewatch@.service
index e49472143..a2836c6b9 100644
--- a/debian/taler-exchange.taler-exchange-wirewatch@.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch@.service
@@ -1,3 +1,9 @@
+# This is a systemd service template to instantiate
+# the service multiple times for parallelism.
+# We currently don't ship it with the package,
+# but might use it for future high-performance
+# deployments.
+
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
@@ -7,11 +13,13 @@ PartOf=taler-exchange.target
User=taler-exchange-wire
Type=simple
Restart=always
-RestartSec=100ms
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
+RestartSec=1s
+RestartPreventExitStatus=9
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf -L INFO
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
diff --git a/debian/taler-exchange.tmpfiles b/debian/taler-exchange.tmpfiles
index 79554ccf2..c2a796539 100644
--- a/debian/taler-exchange.tmpfiles
+++ b/debian/taler-exchange.tmpfiles
@@ -1,7 +1,8 @@
#Type Path Mode UID GID Age Argument
d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - -
+d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod - -
d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - -
d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - -
-d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline - -
+d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - -
diff --git a/debian/taler-terms-generator.install b/debian/taler-terms-generator.install
new file mode 100644
index 000000000..19972ffc7
--- /dev/null
+++ b/debian/taler-terms-generator.install
@@ -0,0 +1,8 @@
+usr/share/man/man1/taler-terms-generator.1
+usr/bin/taler-terms-generator
+
+# Terms of service / privacy policy templates
+usr/share/taler/terms/*.rst
+
+# Translations of ToS/PP
+usr/share/locale/*/LC_MESSAGES/*.po