From 926683c5d9c784952a34e1d9ca97909bdf274c83 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Thu, 29 Jul 2021 19:50:22 +0200 Subject: debian: new config --- contrib/merchant-backoffice | 2 +- debian/.gitignore | 1 + debian/etc/taler-merchant.conf | 8 - debian/etc/taler/conf.d/merchant.conf | 2 + debian/taler-merchant.config | 11 +- debian/taler-merchant.dirs | 2 - debian/taler-merchant.install | 4 +- debian/taler-merchant.links | 1 - debian/taler-merchant.postinst | 173 +++++++-------------- debian/taler-merchant.taler-merchant-httpd.service | 8 + debian/taler-merchant.templates | 18 --- 11 files changed, 74 insertions(+), 156 deletions(-) delete mode 100644 debian/etc/taler-merchant.conf create mode 100644 debian/etc/taler/conf.d/merchant.conf delete mode 100644 debian/taler-merchant.dirs delete mode 100644 debian/taler-merchant.links create mode 100644 debian/taler-merchant.taler-merchant-httpd.service diff --git a/contrib/merchant-backoffice b/contrib/merchant-backoffice index fe987187..4320467d 160000 --- a/contrib/merchant-backoffice +++ b/contrib/merchant-backoffice @@ -1 +1 @@ -Subproject commit fe987187e178816d42ed12178d430c8771cb5a75 +Subproject commit 4320467db1392e5f48a4acd079f7e2a253cf9984 diff --git a/debian/.gitignore b/debian/.gitignore index 923eb8d4..b566fe18 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -23,3 +23,4 @@ taler-merchant/ libtalermerchant.substvars taler-merchant.substvars taler-merchant.postrm.debhelper +taler-merchant.links diff --git a/debian/etc/taler-merchant.conf b/debian/etc/taler-merchant.conf deleted file mode 100644 index 60e2b72d..00000000 --- a/debian/etc/taler-merchant.conf +++ /dev/null @@ -1,8 +0,0 @@ -[taler] -# Note: change this to the currency you will use! -CURRENCY = KUDOS - -[merchant] -SERVE = UNIX -UNIXPATH = /var/lib/taler-merchant/httpd/merchant.sock -DATABASE = postgres diff --git a/debian/etc/taler/conf.d/merchant.conf b/debian/etc/taler/conf.d/merchant.conf new file mode 100644 index 00000000..6efc223a --- /dev/null +++ b/debian/etc/taler/conf.d/merchant.conf @@ -0,0 +1,2 @@ +[merchant] +DATABASE = postgres diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config index 298b8ea7..5ce7ecd7 100644 --- a/debian/taler-merchant.config +++ b/debian/taler-merchant.config @@ -4,12 +4,6 @@ set -e . /usr/share/debconf/confmodule -db_input low taler-merchant/username || true -db_go - -db_input low taler-merchant/groupname || true -db_go - db_input low taler-merchant/reconfigure-webserver || true db_go @@ -30,12 +24,9 @@ dbc_mysql_createdb_encoding="UTF8" dbc_authmethod_user=ident dbc_authmethod_admin=ident - -db_get taler-merchant/username -_USERNAME="${RET:-taler-merchant-httpd}" +_USERNAME=taler-merchant-httpd dbc_dbuser=${_USERNAME} - if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then . /usr/share/dbconfig-common/dpkg/config.pgsql dbc_go taler-merchant "$@" diff --git a/debian/taler-merchant.dirs b/debian/taler-merchant.dirs deleted file mode 100644 index e49de88e..00000000 --- a/debian/taler-merchant.dirs +++ /dev/null @@ -1,2 +0,0 @@ -var/lib/taler-merchant -var/log/taler/ diff --git a/debian/taler-merchant.install b/debian/taler-merchant.install index 4f32e737..3ae878a2 100644 --- a/debian/taler-merchant.install +++ b/debian/taler-merchant.install @@ -6,6 +6,8 @@ usr/share/man/man1/* /usr/share/taler/merchant/* /usr/share/taler/sql/merchant/* /usr/share/taler/config.d/* + debian/etc/* /etc/ -debian/conf/* etc/taler-merchant/ + +# Files needed by dbconf debian/db/install/* usr/share/dbconfig-common/scripts/taler-merchant/install/ diff --git a/debian/taler-merchant.links b/debian/taler-merchant.links deleted file mode 100644 index 8b137891..00000000 --- a/debian/taler-merchant.links +++ /dev/null @@ -1 +0,0 @@ - diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst index f5ed9c4d..fbc67380 100644 --- a/debian/taler-merchant.postinst +++ b/debian/taler-merchant.postinst @@ -2,137 +2,80 @@ set -e +_USERNAME=taler-merchant-httpd +_GROUPNAME=www-data + # Set permissions for sqlite3 file # (for when we support sqlite3 in the future) dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" dbc_dbfile_perms="0600" - # 1st argument will be the SECURITYTOKEN to use. apache_install() { - mkdir -p /etc/apache2/conf-available - if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ]; - then - cat /etc/taler-merchant/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/apache2/conf-available/taler-merchant.conf - fi + mkdir -p /etc/apache2/conf-available + if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ]; then + cat /etc/taler-merchant/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/apache2/conf-available/taler-merchant.conf + fi } # 1st argument will be the SECURITYTOKEN to use. nginx_install() { - mkdir -p /etc/nginx/conf-available - if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ]; - then - cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/nginx/conf-available/taler-merchant.conf - fi + mkdir -p /etc/nginx/conf-available + if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ]; then + cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/nginx/conf-available/taler-merchant.conf + fi } . /usr/share/debconf/confmodule - case "${1}" in - configure) - db_version 2.0 - - db_get taler-merchant/username - _USERNAME="${RET:-taler-merchant-httpd}" - - db_get taler-merchant/groupname - _GROUPNAME="${RET:-www-data}" - - # Read default values - CONFIG_FILE="/etc/default/taler-merchant" - TALER_HOME="/var/lib/taler-merchant" - - # Creating taler group if needed - if ! getent group ${_GROUPNAME} > /dev/null - then - echo -n "Creating new Taler group ${_GROUPNAME}:" - addgroup --quiet --system ${_GROUPNAME} - echo " done." - fi - # Creating taler users if needed - if ! getent passwd ${_USERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_USERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME} - echo " done." - fi - - - # Setup postgres database (needs dbconfig-pgsql package) - if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postinst.pgsql - dbc_pgsql_createdb_encoding="UTF8" - dbc_go taler-merchant "$@" - fi - - chown ${_USERNAME}:postgres /etc/taler-merchant.conf - chmod 460 /etc/taler-merchant.conf - - - # Create access secret - SECRET=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1` - echo SECRET > ${TALER_HOME}/master-api-key.txt - chown ${_USERNAME}:${_GROUPNAME} ${TALER_HOME}/master-api-key.txt - chmod 440 ${TALER_HOME}/master-api-key.txt - - # Writing new values to configuration file - echo -n "Writing new configuration file:" - CONFIG_NEW=$(tempfile) - -cat > "${CONFIG_NEW}" < "/etc/systemd/system/taler-merchant-httpd.service" </dev/null 2>&1 || true - - cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" - echo " done." - - # Configure Webserver - db_get taler-merchant/reconfigure-webserver - webservers="$RET" - for webserver in $webservers; do - webserver=${webserver%,} - if [ "$webserver" = "nginx" ] ; then - nginx_install "$SECRET" - else - apache_install "$SECRET" - fi - done - db_stop - - # Cleaning - echo "All done." - - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - - ;; - - *) - echo "postinst called with unknown argument \`${1}'" >&2 - exit 1 - ;; +configure) + db_start + db_version 2.0 + + # Read default values + CONFIG_FILE="/etc/default/taler-merchant" + TALER_HOME="/var/lib/taler" + + # Creating taler users if needed + if ! getent passwd ${_USERNAME} >/dev/null; then + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_USERNAME} + fi + + # Setup postgres database (needs dbconfig-pgsql package) + if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postinst.pgsql + dbc_pgsql_createdb_encoding="UTF8" + dbc_go taler-merchant "$@" + fi + + # Create access secret + SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1) + echo SECRET >${TALER_HOME}/master-api-key.txt + chown ${_USERNAME}:${_GROUPNAME} ${TALER_HOME}/master-api-key.txt + chmod 440 ${TALER_HOME}/master-api-key.txt + + # Configure Webserver + db_get taler-merchant/reconfigure-webserver + webservers="$RET" + for webserver in $webservers; do + webserver=${webserver%,} + if [ "$webserver" = "nginx" ]; then + nginx_install "$SECRET" + else + apache_install "$SECRET" + fi + done + db_stop + + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; + +*) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/taler-merchant.taler-merchant-httpd.service b/debian/taler-merchant.taler-merchant-httpd.service new file mode 100644 index 00000000..7d931742 --- /dev/null +++ b/debian/taler-merchant.taler-merchant-httpd.service @@ -0,0 +1,8 @@ +[Unit] +Description=GNU Taler payment system merchant backend + +[Service] +User=taler-merchant-httpd +Type=simple +Restart=on-failure +ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler/taler.conf diff --git a/debian/taler-merchant.templates b/debian/taler-merchant.templates index 5657b080..fb929cdb 100644 --- a/debian/taler-merchant.templates +++ b/debian/taler-merchant.templates @@ -5,21 +5,3 @@ Default: apache2, nginx _Description: Web server to reconfigure automatically: Please choose the web server that should be automatically configured as a frontend for taler-merchant-httpd. - - -Template: taler-merchant/username -Type: string -Default: taler-merchant-httpd -_Description: Taler user: - Please choose the user that the taler-merchant-httpd process will run as. - . - This should be a dedicated account. If the specified account does not - already exist, it will automatically be created, with no login shell. - -Template: taler-merchant/groupname -Type: string -Default: www-data -_Description: Taler group: - Please choose the group that the taler-merchant-httpd will run as. - . - This should be the same group that the Web server is in. -- cgit v1.2.3