commit 9dd593b1627170a5a6b704569d72e549e98293e3
parent d4c5ac5e7f15e68d84a16b836d9cd45929a0e7ce
Author: Florian Dold <florian@dold.me>
Date: Thu, 25 Sep 2025 10:45:08 +0200
update dbinit (newer, idempotent version adapted from exchange.git)
Diffstat:
1 file changed, 115 insertions(+), 82 deletions(-)
diff --git a/contrib/donau-dbconfig b/contrib/donau-dbconfig
@@ -21,115 +21,148 @@ set -eu
RESET_DB=0
SKIP_DBINIT=0
+FORCE_PERMS=0
DBUSER="donau-httpd"
DBGROUP="donau-db"
-DBNAME="donau"
-CFGFILE="/etc/donau/secrets/donau-db.secret.conf"
+CFGFILE="/etc/donau/donau.conf"
# Parse command-line options
-while getopts ':g:hn:rsu:' OPTION; do
- case "$OPTION" in
- h)
- echo 'Supported options:'
- echo " -c FILENAME -- write configuration to FILENAME (default: $CFGFILE)"
- echo " -g GROUP -- donau to be run by GROUP (default: $DBGROUP)"
- echo " -h -- print this help text"
- echo " -n NAME -- user NAME for database name (default: $DBNAME)"
- echo " -r -- reset database (dangerous)"
- echo " -s -- skip database initialization"
- echo " -u USER -- donau to be run by USER (default: $DBUSER)"
- exit 0
- ;;
- n)
- DBNAME="$OPTARG"
- ;;
- r)
- RESET_DB="1"
- ;;
- s)
- SKIP_DBINIT="1"
- ;;
- u)
- DBUSER="$OPTARG"
- ;;
- ?)
- exit_fail "Unrecognized command line option"
- ;;
- esac
+while getopts 'c:g:hprsu:' OPTION; do
+ case "$OPTION" in
+ c)
+ CFGFILE="$OPTARG"
+ ;;
+ h)
+ echo 'Supported options:'
+ echo " -c FILENAME -- use configuration FILENAME (default: $CFGFILE)"
+ echo " -g GROUP -- donau to be run by GROUP (default: $DBGROUP)"
+ echo " -h -- print this help text"
+ echo " -r -- reset database (dangerous)"
+ echo " -p -- force permission setup even without database initialization"
+ echo " -s -- skip database initialization"
+ echo " -u USER -- donau to be run by USER (default: $DBUSER)"
+ exit 0
+ ;;
+ p)
+ FORCE_PERMS="1"
+ ;;
+ r)
+ RESET_DB="1"
+ ;;
+ s)
+ SKIP_DBINIT="1"
+ ;;
+ u)
+ DBUSER="$OPTARG"
+ ;;
+ ?)
+ echo "Unrecognized command line option '$OPTION'" 1>&2
+ exit 1
+ ;;
+ esac
done
-if ! id postgres > /dev/null
-then
- echo "Could not find 'postgres' user. Please install Postgresql first"
- exit 1
+if ! id postgres >/dev/null; then
+ echo "Could not find 'postgres' user. Please install Postgresql first"
+ exit 1
fi
-if [ "$(id -u)" -ne 0 ]
-then
- echo "This script must be run as root"
+if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run as root"
+ exit 1
+fi
+
+if [ 0 = "$SKIP_DBINIT" ]; then
+ if ! donau-dbinit -v 2>/dev/null; then
+ echo "Required 'donau-dbinit' not found. Please fix your installation."
exit 1
+ fi
+ DBINIT=$(which donau-dbinit)
fi
-if [ 0 = "$SKIP_DBINIT" ]
-then
- if ! donau-dbinit -v 2> /dev/null
- then
- echo "Required 'donau-dbinit' not found. Please fix your installation."
- fi
+if ! id "$DBUSER" >/dev/null; then
+ echo "Could not find '$DBUSER' user. Please set it up first"
+ exit 1
fi
-if ! id "$DBUSER" > /dev/null
-then
- echo "Could not find '$DBUSER' user. Please set it up first"
- exit 1
+echo "Setting up database user '$DBUSER'." 1>&2
+
+if ! sudo -i -u postgres createuser "$DBUSER" 2>/dev/null; then
+ echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
fi
-if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null
-then
- if [ 1 = "$RESET_DB" ]
- then
- echo "Deleting existing database '$DBNAME'." 1>&2
- sudo -i -u postgres dropdb "$DBNAME"
- else
- echo "Database '$DBNAME' already exists, refusing to setup again."
- echo "Use -r to delete the existing database first (dangerous!)."
- exit 77
- fi
+DBPATH=$(donau-config \
+ -c "$CFGFILE" \
+ -s donaudb-postgres \
+ -o CONFIG)
+
+if ! echo "$DBPATH" | grep "postgres://" >/dev/null; then
+ echo "Invalid database configuration value '$DBPATH'." 1>&2
+ exit 1
fi
-echo "Setting up database user '$DBUSER'." 1>&2
+DBNAME=$(echo "$DBPATH" |
+ sed \
+ -e "s/postgres:\/\/.*\///" \
+ -e "s/?.*//")
-if ! sudo -i -u postgres createuser "$DBUSER" 2> /dev/null
-then
- echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
+if sudo -i -u postgres psql "$DBNAME" </dev/null 2>/dev/null; then
+ if [ 1 = "$RESET_DB" ]; then
+ echo "Deleting existing database '$DBNAME'." 1>&2
+ if ! sudo -i -u postgres dropdb "$DBNAME"; then
+ echo "Failed to delete existing database '$DBNAME'"
+ exit 1
+ fi
+ DO_CREATE=1
+ else
+ echo "Database '$DBNAME' already exists, continuing anyway."
+ DO_CREATE=0
+ fi
+else
+ DO_CREATE=1
fi
-echo "Creating database '$DBNAME'." 1>&2
+if [ 1 = "$DO_CREATE" ]; then
+ echo "Creating database '$DBNAME'." 1>&2
-if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"
-then
+ if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"; then
echo "Failed to create database '$DBNAME'"
exit 1
+ fi
fi
-if [ -f "$CFGFILE" ]
-then
- echo "Adding database configuration to '$CFGFILE'." 1>&2
- echo -e "[donaudb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE"
- chown root:"$DBGROUP" "$CFGFILE"
- chmod 640 "$CFGFILE"
-else
- echo "Configuration '$CFGFILE' does not yet exist, creating it." 1>&2
- mkdir -p "$(dirname "$CFGFILE")"
- echo -e "[donaudb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE"
- chown root:"$DBGROUP" "$CFGFILE"
- chmod 640 "$CFGFILE"
+if [ 0 = "$SKIP_DBINIT" ]; then
+ echo "Initializing database '$DBNAME'." 1>&2
+ if ! sudo -u "$DBUSER" "$DBINIT" -c "$CFGFILE"; then
+ echo "Failed to initialize database schema"
+ exit 1
+ fi
fi
-if [ 0 = "$SKIP_DBINIT" ]
-then
- echo "Initializing database '$DBNAME'." 1>&2
- sudo -u "$DBUSER" donau-dbinit
+if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
+ DB_GRP="$(getent group "$DBGROUP" | sed -e "s/.*://g" -e "s/,/ /g")"
+ echo "Initializing permissions for '$DB_GRP'." 1>&2
+ for GROUPIE in $DB_GRP; do
+ if [ "$GROUPIE" != "$DBUSER" ]; then
+ if ! sudo -i -u postgres createuser "$GROUPIE" 2>/dev/null; then
+ echo "Database user '$GROUPIE' already existed. Continuing anyway." 1>&2
+ fi
+ echo -e 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA donau TO "'"$GROUPIE"'";\n' \
+ 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA donau TO "'"$GROUPIE"'";\n' |
+ sudo -u "$DBUSER" psql "$DBNAME"
+ echo -e 'GRANT USAGE ON SCHEMA donau TO "'"$GROUPIE"'"' |
+ sudo -u "$DBUSER" psql "$DBNAME"
+ # Auditor needs to create schema in donau database.
+ echo -e 'GRANT CREATE ON DATABASE "'"$DBNAME"'" TO "'"$GROUPIE"'"' |
+ sudo -u "$DBUSER" psql "$DBNAME"
+ # FIXME: double-check the following GRANTs
+ echo -e 'GRANT USAGE ON SCHEMA _v TO "'"$GROUPIE"'"' |
+ sudo -u "$DBUSER" psql "$DBNAME"
+ echo -e 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA _v TO "'"$GROUPIE"'"' |
+ sudo -u "$DBUSER" psql "$DBNAME"
+
+ fi
+ done
fi
echo "Database configuration finished." 1>&2
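Review bot: In the permission loop at the end of this hunk, `$GROUPIE` (taken from `getent group`) and `$DBNAME` (cut out of the configured URL with `sed`) are spliced into double-quoted SQL identifiers without validation, so a value containing `"` changes the statements that run as `$DBUSER`, and a `$DBNAME` starting with `-` is parsed as an option by `psql`, `dropdb` and `createdb`. I would reject anything outside a conservative character set right after `DBNAME` is computed, e.g. `case "$DBNAME" in ''|-*|*[!A-Za-z0-9_-]*) echo "Invalid database name '$DBNAME'" 1>&2; exit 1;; esac`, and apply the same check to `$GROUPIE` at the top of the loop body. The `psql` calls read the GRANTs from stdin without `-v ON_ERROR_STOP=1`, so a failed statement most likely still exits 0 and the script prints "Database configuration finished." with permissions only partly applied. Separately, `g:` is in the optstring and the help text but there is no `g)` arm, so `-g GROUP` falls into the `?)` arm and exits instead of setting `DBGROUP`.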