diff options
Diffstat (limited to 'debian')
23 files changed, 254 insertions, 151 deletions
diff --git a/debian/.gitignore b/debian/.gitignore index b566fe18..f1850388 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -24,3 +24,4 @@ libtalermerchant.substvars taler-merchant.substvars taler-merchant.postrm.debhelper taler-merchant.links +taler-merchant.postinst.debhelper diff --git a/debian/changelog b/debian/changelog index e7831df3..c04b84f3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,117 @@ +taler-merchant (0.10.2) unstable; urgency=low + + * Update various submodules to latest version. + + -- Christian Grothoff <grothoff@gnu.org> Fri, 12 Apr 2024 09:50:12 +0200 + +taler-merchant (0.10.1) unstable; urgency=low + + * Implement cache control headers for /config + * Do not return orders over amount of 0 as unpaid + * Handle refunds in wire transfer reconciliation + * Implement protocol v12 and v13 + * Simplify KYC logic in payment processing + + -- Christian Grothoff <grothoff@gnu.org> Tue, 9 Apr 2024 09:50:12 +0200 + +taler-merchant (0.10.0) unstable; urgency=low + + * Implement public GET API for templates (#8608). + + -- Christian Grothoff <grothoff@gnu.org> Sat, 9 Mar 2024 21:50:12 +0200 + +taler-merchant (0.9.4-3) unstable; urgency=low + + * v0.9.4b bugfix release (mostly updates SPA). + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Mar 2024 21:50:12 +0200 + +taler-merchant (0.9.4-2) unstable; urgency=low + + * v0.9.4a bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Mon, 3 Mar 2024 21:50:12 +0200 + +taler-merchant (0.9.4-1) unstable; urgency=low + + * Actual v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 10 Feb 2024 03:50:12 +0200 + +taler-merchant (0.9.4) unstable; urgency=low + + * Add support for new taler-merchant-depositcheck service. + * Packages the v0.9.4 release. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 6 Jan 2024 14:50:12 +0100 + +taler-merchant (0.9.3-5) unstable; urgency=low + + * Tolerate missing currencies.conf, but log a warning. + * Use taler-merchant as default database name. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 15 Dec 2023 18:50:12 -0700 + +taler-merchant (0.9.3-4) unstable; urgency=low + + * More fixes to the database setup automation scripts. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 13 Dec 2023 18:50:12 -0700 + +taler-merchant (0.9.3-3) unstable; urgency=low + + * More fixes to the database setup automation scripts. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Dec 2023 00:50:12 -0800 + +taler-merchant (0.9.3-2) unstable; urgency=low + + * This packages the v0.9.3a bugfix release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 29 Nov 2023 03:50:12 +0200 + +taler-merchant (0.9.3-1) unstable; urgency=low + + * Actual v0.9.3 release. + + -- Christian Grothoff <grothoff@gnu.org> Wed, 27 Sep 2023 03:50:12 +0200 + +taler-merchant (0.9.3) unstable; urgency=low + + * First work towards packaging v0.9.3. + + -- Christian Grothoff <grothoff@gnu.org> Thu, 7 Sep 2023 23:50:12 +0200 + +taler-merchant (0.9.2-5) unstable; urgency=low + + * Further improvements to Debian package. + + -- Florian Dold <dold@taler.net> Wed, 15 Mar 2023 15:48:38 +0100 + +taler-merchant (0.9.2-4) unstable; urgency=low + + * Further improvements to Debian package. + + -- Florian Dold <dold@taler.net> Wed, 08 Mar 2023 18:39:44 +0100 + +taler-merchant (0.9.2-2) unstable; urgency=low + + * Further improvements to Debian package. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200 + +taler-merchant (0.9.2-1) unstable; urgency=low + + * Minor improvements to Debian package. + + -- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200 + +taler-merchant (0.9.2) unstable; urgency=low + + * Packaging latest release. + + -- Christian Grothoff <grothoff@gnu.org> Tue, 21 Feb 2023 13:50:12 +0200 + taler-merchant (0.9.1) unstable; urgency=low * Packaging latest release. diff --git a/debian/control b/debian/control index f0416127..6fa6e6c1 100644 --- a/debian/control +++ b/debian/control @@ -8,9 +8,9 @@ Build-Depends: autopoint, debhelper-compat (= 12), gettext, - libgnunet-dev (>=0.17.1), - libtalerexchange-dev (>=0.8.99), - libpq-dev (>=13.0), + libgnunet-dev (>=0.21), + libtalerexchange-dev (>=0.10.2), + libpq-dev (>=14.0), po-debconf, libqrencode-dev, zlib1g-dev, @@ -47,17 +47,17 @@ Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: - libtalerexchange (>= 0.8.99), + libtalermerchant (= ${binary:Version}), + libtalerexchange (>= 0.10.2), adduser, lsb-base, netbase, - sudo, - apache2 | nginx | httpd, - dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}, ${shlibs:Depends} Recommends: - postgresql (>=13.0) + postgresql (>=14.0), + taler-terms-generator, + apache2 | nginx | httpd Description: GNU's payment system merchant backend. . The GNU Taler merchant backend provides e-commerce @@ -69,8 +69,8 @@ Package: libtalermerchant-dev Section: libdevel Architecture: any Depends: - libtalerexchange-dev (>= 0.8.99), - libgnunet-dev (>=0.17.1), + libtalerexchange-dev (>= 0.10.2), + libgnunet-dev (>=0.21), ${misc:Depends}, ${shlibs:Depends} Description: libraries to talk to a GNU Taler merchant (development). diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql deleted file mode 100755 index 33b8cb1d..00000000 --- a/debian/db/install/pgsql +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -set -eu - -merchantdb_secretconf=/etc/taler/secrets/merchant-db.secret.conf -merchantdb_overrideconf=/etc/taler/merchant-overrides.conf - -# Get database settings from dbconfig-common and write Taler configuration files. -if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then - . /etc/dbconfig-common/taler-merchant.conf - case "$dbc_dbtype" in - pgsql) - echo -e "# Config file auto-generated by Debian.\n[merchant]\nDB=postgres\n\n" > \ - $merchantdb_overrideconf - # We assume ident auth here. We might support password auth later. - echo -e "[merchantdb-postgres]\nCONFIG=postgres:///${dbc_dbname}\n\n" > \ - $merchantdb_secretconf - - # Allow the taler-merchant-httpd user to create schemas, needed by dbinit - echo "GRANT CREATE ON DATABASE \"${dbc_dbtype}\" TO \"taler-merchant-httpd\";" | sudo -u postgres psql -f - - # Run database initialization logic - sudo -u taler-merchant-httpd taler-merchant-dbinit -c /etc/taler/taler.conf - ;; - sqlite3) - # Later: use something like: - # sqlite:///$DATA_DIR/merchant.db - # But for now, sqlite is unsupported: - echo "Unsupported database type $dbc_type." - exit 1 - ;; - "") ;; - - *) - echo "Unsupported database type $dbc_type." - exit 1 - ;; - esac -fi diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant index 8de78a88..30ed62db 100644 --- a/debian/etc/nginx/sites-available/taler-merchant +++ b/debian/etc/nginx/sites-available/taler-merchant @@ -12,14 +12,16 @@ server { # - replace with your actual server name server_name localhost; - location / { + access_log /var/log/nginx/merchant.log; + error_log /var/log/nginx/merchant.err; + location /taler-merchant/ { proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; proxy_redirect off; proxy_set_header Host $host; # NOTE: # - put your actual DNS name here - proxy_set_header X-Forwarded-Host "example.com"; + proxy_set_header X-Forwarded-Host "localhost"; # NOTE: # - uncomment the following line if you are using HTTPS diff --git a/debian/etc/taler/secrets/merchant-db.secret.conf b/debian/etc/taler/secrets/merchant-db.secret.conf index 85bf6d3e..6cbbb24c 100644 --- a/debian/etc/taler/secrets/merchant-db.secret.conf +++ b/debian/etc/taler/secrets/merchant-db.secret.conf @@ -2,7 +2,7 @@ # Typically, there should only be a single line here, of the form: -CONFIG=postgres:///DATABASE +CONFIG=postgres:///taler-merchant # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/libtalermerchant-dev.install b/debian/libtalermerchant-dev.install index 08045798..1c316573 100644 --- a/debian/libtalermerchant-dev.install +++ b/debian/libtalermerchant-dev.install @@ -3,3 +3,6 @@ usr/include usr/lib/*/*.so usr/lib/*/libtalermerchanttesting.so.* usr/lib/*/libtalermerchanttesting.so + +# Man pages +usr/share/man/man1/taler-merchant-benchmark* diff --git a/debian/libtalermerchant.install b/debian/libtalermerchant.install index de3e6159..3ae1691d 100644 --- a/debian/libtalermerchant.install +++ b/debian/libtalermerchant.install @@ -1 +1,2 @@ usr/lib/*/libtalermerchant.so.* +usr/lib/*/libtalermerchantbank.so.* diff --git a/debian/rules b/debian/rules index 9e170335..eba1c7cd 100755 --- a/debian/rules +++ b/debian/rules @@ -38,6 +38,11 @@ override_dh_installsystemd: # Need to specify units manually, since we have multiple # and dh_installsystemd by default only looks for "<package>.service". dh_installsystemd -ptaler-merchant --name=taler-merchant-httpd --no-start --no-enable + dh_installsystemd -ptaler-merchant --name=taler-merchant-exchange --no-start --no-enable + dh_installsystemd -ptaler-merchant --name=taler-merchant-depositcheck --no-start --no-enable + dh_installsystemd -ptaler-merchant --name=taler-merchant-webhook --no-start --no-enable + dh_installsystemd -ptaler-merchant --name=taler-merchant-wirewatch --no-start --no-enable + dh_installsystemd -ptaler-merchant --name=taler-merchant --no-start --no-enable # final invocation to generate daemon reload dh_installsystemd diff --git a/debian/taler-merchant.README.Debian b/debian/taler-merchant.README.Debian index 4cae6f4b..32ac0f22 100644 --- a/debian/taler-merchant.README.Debian +++ b/debian/taler-merchant.README.Debian @@ -27,7 +27,7 @@ https://localhost:9966/ and configured via a browser at that endpoint. You can improve the security of the setup by enabling the use -of uinx domain sockets, see +of unix domain sockets, see $ info taler-merchant "Secure setup" diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config deleted file mode 100644 index 4a876261..00000000 --- a/debian/taler-merchant.config +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -set -e - -. /usr/share/debconf/confmodule - -_USERNAME=taler-merchant-httpd -_GROUPNAME=www-data - -# For now, we only support postgres -dbc_dbtypes=pgsql -dbc_dbuser=${_USERNAME} - -dbc_authmethod_user=ident -dbc_authmethod_admin=ident - -if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/config.pgsql - dbc_go taler-merchant "$@" -fi - -db_stop diff --git a/debian/taler-merchant.install b/debian/taler-merchant.install index 3ae878a2..b1d93b17 100644 --- a/debian/taler-merchant.install +++ b/debian/taler-merchant.install @@ -9,5 +9,3 @@ usr/share/man/man1/* debian/etc/* /etc/ -# Files needed by dbconf -debian/db/install/* usr/share/dbconfig-common/scripts/taler-merchant/install/ diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst index 58c075d9..cac1355a 100644 --- a/debian/taler-merchant.postinst +++ b/debian/taler-merchant.postinst @@ -22,11 +22,6 @@ TALER_HOME="/var/lib/taler" _USERNAME=taler-merchant-httpd _GROUPNAME=www-data -# Set permissions for sqlite3 file -# (for when we support sqlite3 in the future) -dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" -dbc_dbfile_perms="0600" - . /usr/share/debconf/confmodule case "${1}" in @@ -37,19 +32,12 @@ configure) adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME} fi - if ! dpkg-statoverride --list /etc/taler/secrets/merchant-db.secret.conf >/dev/null 2>&1; then - dpkg-statoverride --add --update \ - taler-merchant-httpd root 460 \ - /etc/taler/secrets/merchant-db.secret.conf - fi - - # Set up postgres database (needs dbconfig-pgsql package) - if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postinst.pgsql - dbc_pgsql_createdb_encoding="UTF8" - dbc_go taler-merchant "$@" + if ! dpkg-statoverride --list /etc/taler/secrets/merchant-db.secret.conf >/dev/null 2>&1 + then + dpkg-statoverride --add --update \ + taler-merchant-httpd root 460 \ + /etc/taler/secrets/merchant-db.secret.conf fi - ;; abort-upgrade | abort-remove | abort-deconfigure) ;; diff --git a/debian/taler-merchant.postrm b/debian/taler-merchant.postrm index 716f8982..693460ef 100644 --- a/debian/taler-merchant.postrm +++ b/debian/taler-merchant.postrm @@ -2,27 +2,26 @@ set -e -if [ -f /usr/share/debconf/confmodule ]; then - . /usr/share/debconf/confmodule -fi +_USERNAME=taler-merchant-httpd + -if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postrm.pgsql - dbc_go taler-merchant "$@" +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule fi case "${1}" in purge) -# TODO: anything to clean up? Like: -# rm -f /etc/taler/merchant-overrides.conf - ;; -remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) - ;; + dpkg-statoverride --remove \ + /etc/taler/secrets/merchant-db.secret.conf || true + deluser --quiet --system ${_USERNAME} || true + ;; - *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) + ;; +*) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/taler-merchant.preinst b/debian/taler-merchant.preinst deleted file mode 100644 index dda68f09..00000000 --- a/debian/taler-merchant.preinst +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# We prevent a few questions from being asked -# upon installation by specifying defaults. Namely, -# we want the database to be accessed via Unix domain -# sockets and password-less. - -set -e - -# When purging this package after the selections in the preinst have been made, -# the debconf database is left in an inconsistent state and the package cannot -# be installed again. This happens because dbconf-common will create a -# template for these questions with a shared owner. Purging will only delete -# one of the two templates, leading to a DB state where debconf-set-selections -# fails. We work around this by manually fixing up the debconf database. -# -# Unfortunately we can't do this in "postrm", because during "postrm" -# the configuration database is locked (even after db_stop). -# -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487300 -if [ -x /usr/share/debconf/fix_db.pl ]; then - /usr/share/debconf/fix_db.pl || true -fi - -echo taler-merchant taler-merchant/pgsql/method select Unix socket | debconf-set-selections -echo taler-merchant taler-merchant/pgsql/authmethod-user select ident | debconf-set-selections -echo taler-merchant taler-merchant/pgsql/app-pass password | debconf-set-selections - -exit 0 diff --git a/debian/taler-merchant.prerm b/debian/taler-merchant.prerm index eccb8259..727964b0 100644 --- a/debian/taler-merchant.prerm +++ b/debian/taler-merchant.prerm @@ -6,16 +6,4 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then deb-systemd-invoke stop 'taler-merchant-httpd.service' >/dev/null || true fi -if [ -f /usr/share/debconf/confmodule ]; then - . /usr/share/debconf/confmodule -fi -. /usr/share/dbconfig-common/dpkg/prerm - -if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/prerm.pgsql - dbc_go taler-merchant "$@" -fi - - -db_stop exit 0 diff --git a/debian/taler-merchant.taler-merchant-depositcheck.service b/debian/taler-merchant.taler-merchant-depositcheck.service new file mode 100644 index 00000000..bc5b84c0 --- /dev/null +++ b/debian/taler-merchant.taler-merchant-depositcheck.service @@ -0,0 +1,17 @@ +[Unit] +Description=GNU Taler payment system merchant deposit check service +After=postgres.service + +[Service] +User=taler-merchant-httpd +Type=simple +Restart=always +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-merchant-depositcheck -c /etc/taler/taler.conf -L INFO +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +RuntimeMaxSec=3600s +Slice=taler-merchant.slice diff --git a/debian/taler-merchant.taler-merchant-exchange.service b/debian/taler-merchant.taler-merchant-exchange.service new file mode 100644 index 00000000..4d368c3b --- /dev/null +++ b/debian/taler-merchant.taler-merchant-exchange.service @@ -0,0 +1,17 @@ +[Unit] +Description=GNU Taler merchant-exchange transaction reconciliation service +After=postgres.service + +[Service] +User=taler-merchant-exchange +Type=simple +Restart=always +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-merchant-exchange -c /etc/taler/taler.conf -L INFO +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +RuntimeMaxSec=3600s +Slice=taler-merchant.slice diff --git a/debian/taler-merchant.taler-merchant-httpd.service b/debian/taler-merchant.taler-merchant-httpd.service index 6737fadf..e97bb6f6 100644 --- a/debian/taler-merchant.taler-merchant-httpd.service +++ b/debian/taler-merchant.taler-merchant-httpd.service @@ -1,11 +1,16 @@ [Unit] Description=GNU Taler payment system merchant backend +After=postgres.service [Service] User=taler-merchant-httpd Type=simple -Restart=on-failure -ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler/taler.conf +Restart=always +RestartSec=1s +RestartPreventExitStatus=9 +RuntimeMaxSec=3600s +ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler/taler.conf -L INFO +Slice=taler-merchant.slice [Install] WantedBy=multi-user.target diff --git a/debian/taler-merchant.taler-merchant-webhook.service b/debian/taler-merchant.taler-merchant-webhook.service new file mode 100644 index 00000000..e71bb5c8 --- /dev/null +++ b/debian/taler-merchant.taler-merchant-webhook.service @@ -0,0 +1,17 @@ +[Unit] +Description=GNU Taler payment system merchant backend webhook trigger service +After=postgres.service + +[Service] +User=taler-merchant-httpd +Type=simple +Restart=always +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-merchant-webhook -c /etc/taler/taler.conf -L INFO +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +RuntimeMaxSec=3600s +Slice=taler-merchant.slice diff --git a/debian/taler-merchant.taler-merchant-wirewatch.service b/debian/taler-merchant.taler-merchant-wirewatch.service new file mode 100644 index 00000000..8b61d68e --- /dev/null +++ b/debian/taler-merchant.taler-merchant-wirewatch.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system merchant bank transfer import service +After=postgres.service + +[Service] +User=taler-merchant-httpd +Type=simple +Restart=always +RestartMode=direct +RestartSec=1s +RestartPreventExitStatus=2 3 4 5 6 9 +ExecStart=/usr/bin/taler-merchant-wirewatch -c /etc/taler/taler.conf -L INFO +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +RuntimeMaxSec=3600s +Slice=taler-merchant.slice + diff --git a/debian/taler-merchant.taler-merchant.slice b/debian/taler-merchant.taler-merchant.slice new file mode 100644 index 00000000..6717bf7b --- /dev/null +++ b/debian/taler-merchant.taler-merchant.slice @@ -0,0 +1,7 @@ +[Unit] +Description=Slice for GNU taler merchant processes +Before=slices.target + +[Slice] +# Add settings that should affect all GNU Taler merchant +# components here. diff --git a/debian/taler-merchant.taler-merchant.target b/debian/taler-merchant.taler-merchant.target new file mode 100644 index 00000000..bfab54f5 --- /dev/null +++ b/debian/taler-merchant.taler-merchant.target @@ -0,0 +1,12 @@ +[Unit] +Description=GNU Taler merchant +After=postgres.service network.target + +Wants=taler-merchant-httpd.service +Wants=taler-merchant-wirewatch.service +Wants=taler-merchant-exchange.service +Wants=taler-merchant-webhook.service +Wants=taler-merchant-depositcheck.service + +[Install] +WantedBy=multi-user.target |