path: root/debian/taler-merchant.postinst
blob: 54268d245d777fee40f8b4acdeb3358437786b3a (plain)
#!/bin/bash

set -o errexit

# dbconfig-common settings for an sqlite3 database file
# (sqlite3 is not supported yet; kept for when it is).
# NOTE(review): _USERNAME and _GROUPNAME are first assigned further down, in
# the "configure" branch, so unless the environment already provides them the
# owner string built here is just ":" -- confirm before enabling sqlite3.
dbc_dbfile_perms="0600"
dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}"


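# Install the Apache configuration snippet for the merchant backend and
# enable the Apache modules it relies on.
#
# Arguments: $1 - SECURITYTOKEN substituted for %SECURITYTOKEN% in the template
# Returns:   non-zero if the token is unusable or the snippet cannot be written
apache_install() {
	local template=/etc/taler-merchant/apache.conf
	local conf=/etc/apache2/conf-available/taler-merchant.conf

	# The token is pasted into a sed replacement, where '/', '&' and '\' are
	# special, and an empty token would leave the snippet without a secret.
	# Fail closed on anything that is not purely alphanumeric.
	case "$1" in
		'' | *[!a-zA-Z0-9]*)
			echo "apache_install: security token must be non-empty and alphanumeric" >&2
			return 1
			;;
	esac

	mkdir -p /etc/apache2/conf-available
	# An existing snippet is left untouched.
	if [ ! -f "$conf" ]; then
		# sed reads the template directly so that a missing or unreadable
		# template is reported as a failure; a half-written snippet is removed
		# so that a later run can retry instead of keeping an empty file.
		if ! sed -e "s/%SECURITYTOKEN%/$1/" "$template" > "$conf"; then
			rm -f -- "$conf"
			return 1
		fi
		# NOTE(review): the snippet embeds the token and is created with the
		# process umask; consider restricting its mode if the web server
		# reads its configuration as root -- confirm before changing.
	fi
	# TODO: might want to remember if *we* enabled those, and disable in postrm
	a2enmod proxy
	a2enmod proxy_http
	a2enmod headers
	a2enmod rewrite
}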

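# Install the nginx configuration snippet for the merchant backend.
#
# Arguments: $1 - SECURITYTOKEN substituted for %SECURITYTOKEN% in the template
# Returns:   non-zero if the token is unusable or the snippet cannot be written
nginx_install() {
	local template=/etc/taler-merchant/nginx.conf
	local conf=/etc/nginx/conf-available/taler-merchant.conf

	# The token is pasted into a sed replacement, where '/', '&' and '\' are
	# special, and an empty token would leave the snippet without a secret.
	# Fail closed on anything that is not purely alphanumeric.
	case "$1" in
		'' | *[!a-zA-Z0-9]*)
			echo "nginx_install: security token must be non-empty and alphanumeric" >&2
			return 1
			;;
	esac

	mkdir -p /etc/nginx/conf-available
	# An existing snippet is left untouched.
	if [ ! -f "$conf" ]; then
		# sed reads the template directly so that a missing or unreadable
		# template is reported as a failure; a half-written snippet is removed
		# so that a later run can retry instead of keeping an empty file.
		if ! sed -e "s/%SECURITYTOKEN%/$1/" "$template" > "$conf"; then
			rm -f -- "$conf"
			return 1
		fi
		# NOTE(review): the snippet embeds the token and is created with the
		# process umask; consider restricting its mode if the web server
		# reads its configuration as root -- confirm before changing.
	fi
	# NOTE(review): nothing here enables the snippet; confirm that the nginx
	# configuration in use actually includes this directory.
}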

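. /usr/share/debconf/confmodule


# Dispatch on the maintainer-script action passed in $1.
case "${1}" in
	configure)
		db_version 2.0

		# Account names come from debconf, with built-in fallbacks.
		db_get taler-merchant/username
		_USERNAME="${RET:-taler-merchant-httpd}"

		db_get taler-merchant/groupname
		_GROUPNAME="${RET:-www-data}"

		# The file-level dbc_dbfile_owner assignment ran before these names
		# were known; set it again now that they are.
		dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}"

		# Paths used below
		CONFIG_FILE="/etc/default/taler-merchant"
		TALER_HOME="/var/lib/taler-merchant"

		# Creating taler group if needed
		if ! getent group "${_GROUPNAME}" > /dev/null
		then
			printf '%s' "Creating new Taler group ${_GROUPNAME}:"
			addgroup --quiet --system "${_GROUPNAME}"
			echo " done."
		fi
		# Creating taler users if needed
		if ! getent passwd "${_USERNAME}" > /dev/null
		then
			printf '%s' "Creating new Taler user ${_USERNAME}:"
			adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/httpd" "${_USERNAME}"
			echo " done."
		fi


		# Setup postgres database (needs dbconfig-pgsql package)
		if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
			. /usr/share/dbconfig-common/dpkg/postinst.pgsql
			dbc_pgsql_createdb_encoding="UTF8"
			dbc_go taler-merchant "$@"
		fi

		# NOTE(review): mode 460 gives the owner read-only access and the
		# "postgres" group read-write access, with nothing for others; confirm
		# that the group really needs to write this file.
		chown "${_USERNAME}:postgres" /etc/taler-merchant.conf
		chmod 460 /etc/taler-merchant.conf


		# Create access secret: 64 alphanumeric characters from /dev/urandom.
		# NOTE(review): a fresh secret is generated on every "configure" run,
		# while apache_install/nginx_install keep an existing web server
		# snippet; after a reconfigure or upgrade the key file and the token
		# in the snippet will therefore differ -- confirm this is intended.
		SECRET=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64)
		if [ "${#SECRET}" -ne 64 ]; then
			echo "Failed to generate the access secret" >&2
			exit 1
		fi
		# Store the generated value itself ("$SECRET", not the word SECRET).
		# The restrictive umask keeps a newly created key file unreadable by
		# other users until the chown/chmod below have run.
		(
			umask 077
			printf '%s\n' "${SECRET}" > "${TALER_HOME}/master-api-key.txt"
		)
		chown "${_USERNAME}:${_GROUPNAME}" "${TALER_HOME}/master-api-key.txt"
		chmod 440 "${TALER_HOME}/master-api-key.txt"

		# Writing new values to configuration file
		printf '%s' "Writing new configuration file:"
		# mktemp replaces the deprecated tempfile(1).
		CONFIG_NEW=$(mktemp)

cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-merchant'.

TALER_USER=${_USERNAME}
TALER_GROUP=${_GROUPNAME}
EOF


cat > "/etc/systemd/system/taler-merchant-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system merchant backend

[Service]
EnvironmentFile=/etc/default/taler-merchant
User=${_USERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler-merchant.conf
EOF

		# Only ask systemd to reload when it is the running init system, so
		# the script does not abort in chroots or containers without it.
		if [ -d /run/systemd/system ]; then
			systemctl daemon-reload
		fi

		cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
		# The temporary copy is no longer needed.
		rm -f -- "${CONFIG_NEW}"
		echo " done."

		# Configure Webserver
		db_get taler-merchant/reconfigure-webserver
		webservers="$RET"
		# Deliberately unquoted: the answer is split on whitespace and each
		# item's trailing comma is stripped below.
		for webserver in $webservers; do
			webserver=${webserver%,}
			# Any value other than "nginx" is handled as Apache.
			if [ "$webserver" = "nginx" ] ; then
				nginx_install "$SECRET"
			else
				apache_install "$SECRET"
			fi
			# Reload the web server only if it is currently running; a failed
			# reload is deliberately not fatal. fd 3 is debconf's channel to
			# the frontend and is kept away from the reload.
			if [ -f "/etc/init.d/$webserver" ] ; then
				if command -v invoke-rc.d > /dev/null ; then
					if invoke-rc.d "$webserver" status > /dev/null 2>&1 ; then
						invoke-rc.d "$webserver" reload 3>/dev/null || true
					fi
				else
					if "/etc/init.d/$webserver" status > /dev/null 2>&1 ; then
						"/etc/init.d/$webserver" reload 3>/dev/null || true
					fi
				fi
			fi
		done
		db_stop

		# Cleaning
		echo "All done."

		;;

	abort-upgrade|abort-remove|abort-deconfigure)
		# Nothing to undo for these actions.
		;;

	*)
		echo "postinst called with unknown argument \`${1}'" >&2
		exit 1
		;;
esac

#DEBHELPER#

exit 0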