commit 51a8d743d15718b0e66b5ec7d7e0bb6929ffd91b
parent dfbc99923c7fa3e114e56788c694cca2c0396080
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 10 Jun 2025 10:13:03 +0200
create user for sanctionscheck, add service file, move robocop into RATER option of taler-exchange-sanctionscheck (polishing for #9053)
Diffstat:
5 files changed, 73 insertions(+), 16 deletions(-)
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
@@ -22,6 +22,7 @@ _ESECUSERNAME=taler-exchange-secmod-eddsa
_AGGRUSERNAME=taler-exchange-aggregator
_EXPIUSERNAME=taler-exchange-expire
_WIREUSERNAME=taler-exchange-wire
+_SANCTIONSUSERNAME=taler-exchange-sanctionscheck
case "${1}" in
configure)
@@ -44,6 +45,11 @@ configure)
adduser --quiet ${_EUSERNAME} ${_KYCGROUPNAME}
adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi
+ if ! getent passwd ${_SANCTIONSUSERNAME} >/dev/null; then
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home /var/lib/taler-sanctionscheck ${_SANCTIONSUSERNAME}
+ adduser --quiet ${_SANCTIONSUSERNAME} ${_DBGROUPNAME}
+ adduser --quiet ${_SANCTIONSUSERNAME} ${_KYCGROUPNAME}
+ fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
fi
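Review bot: The two secondary-group `adduser` calls for `${_SANCTIONSUSERNAME}` run only inside the `getent passwd` guard, so an account that already exists is never added to `${_DBGROUPNAME}` or `${_KYCGROUPNAME}`. That can happen after a configure run that stopped between the three calls, and the service would then start without the access it needs. Moving `adduser --quiet ${_SANCTIONSUSERNAME} ${_DBGROUPNAME}` and `adduser --quiet ${_SANCTIONSUSERNAME} ${_KYCGROUPNAME}` below the `fi` lets every configure run repair membership; adding an existing member should be a no-op. The `${_EUSERNAME}` block just above appears to follow the same pattern. A short comment saying why this account needs both groups and a real home directory (the neighbouring accounts use `--no-create-home`) would help the next least-privilege review. The enclosing `configure)` branch continues outside the hunk.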
diff --git a/debian/taler-exchange.taler-exchange-sanctionscheck.service b/debian/taler-exchange.taler-exchange-sanctionscheck.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Exchange sanctionlist checker service
+
+[Service]
+User=taler-exchange-sanctionscheck
+Group=taler-exchange-kyc
+Type=simple
+Restart=always
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+RuntimeMaxSec=3600s
+ExecStart=/usr/bin/taler-exchange-sanctionscheck -c /etc/taler-exchange/taler-exchange.conf -L INFO
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
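Review bot: The `[Service]` section has no sandboxing directives, although the postinst gives this account database and KYC group membership and, after this commit, the process launches an external program named in the configuration file. Consider adding at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`, after checking that the rater can still read its sanction list under those settings. There is also no `WorkingDirectory=`, so a relative path in `RATER_COMMAND` (the test configuration uses `sanction-list.json`) would resolve against the root directory for a system service. Setting `WorkingDirectory=/var/lib/taler-sanctionscheck`, the home created in the postinst, would make that lookup predictable.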
diff --git a/src/exchange/taler-exchange-sanctionscheck.c b/src/exchange/taler-exchange-sanctionscheck.c
@@ -628,14 +628,6 @@ run (void *cls,
(void) cls;
(void) cfgfile;
cfg = c;
- if (NULL == args[0])
- {
- fprintf (stderr,
- "You must pass the name of the sanction list helper program as an argument!\n");
- global_ret = EXIT_INVALIDARGUMENT;
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_float (cfg,
"exchange-sanctionscheck",
@@ -705,13 +697,52 @@ run (void *cls,
}
GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
cls);
- sr = TALER_KYCLOGIC_sanction_rater_start (args[0],
- args);
- if (NULL == sr)
{
- global_ret = EXIT_INVALIDARGUMENT;
- GNUNET_SCHEDULER_shutdown ();
- return;
+ char *rater;
+ char **sargv = NULL;
+ unsigned int sargc = 0;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "exchange-sanctionscheck",
+ "RATER_COMMAND",
+ &rater))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-sanctionscheck",
+ "RATER_COMMAND");
+ global_ret = EXIT_NOTCONFIGURED;
+ return;
+ }
+ for (const char *tok = strtok (rater,
+ " ");
+ NULL != tok;
+ tok = strtok (NULL,
+ " "))
+ {
+ char *arg = GNUNET_strdup (tok);
+
+ GNUNET_array_append (sargv,
+ sargc,
+ arg);
+ }
+ GNUNET_free (rater);
+ GNUNET_array_append (sargv,
+ sargc,
+ NULL);
+ sr = TALER_KYCLOGIC_sanction_rater_start (sargv[0],
+ sargv);
+ for (unsigned int i = 0; i<sargc; i++)
+ GNUNET_free (sargv[i]);
+ GNUNET_array_grow (sargv,
+ sargc,
+ 0);
+ if (NULL == sr)
+ {
+ global_ret = EXIT_INVALIDARGUMENT;
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
}
{
char *min_row_fn;
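Review bot: An empty or all-blank `RATER_COMMAND` leaves `sargc` at 0 after the `strtok` loop, so `sargv[0]` is NULL when passed to `TALER_KYCLOGIC_sanction_rater_start`. The removed `NULL == args[0]` check used to cover this case, and whether the callee tolerates a NULL program name is not visible here. The configuration-missing branch also returns without `GNUNET_SCHEDULER_shutdown ()`, unlike the `NULL == sr` path a few lines below, so the `shutdown_task` registered just before may not run promptly. Splitting on a single space also means tabs do not separate arguments and a path containing a space cannot be expressed; since this string decides which program runs with the service's database access, that format should be documented next to the option. `run` starts and continues outside the hunk.

```c
      /* … unchanged: RATER_COMMAND lookup and strtok() loop … */
      GNUNET_free (rater);
      if (0 == sargc)
      {
        /* empty or all-blank RATER_COMMAND: there is no program to start */
        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                                   "exchange-sanctionscheck",
                                   "RATER_COMMAND",
                                   "command must not be empty");
        global_ret = EXIT_NOTCONFIGURED;
        GNUNET_SCHEDULER_shutdown ();
        return;
      }
      /* … unchanged: NULL-terminate sargv and start the rater … */
```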
diff --git a/src/testing/test-sanctions.sh b/src/testing/test-sanctions.sh
@@ -85,8 +85,7 @@ taler-exchange-sanctionscheck \
-L INFO \
-c test_sanctions.conf.edited \
--reset \
- --test \
- robocop sanction-list.json
+ --test
PROP=$(echo 'SELECT jproperties FROM exchange.legitimization_outcomes WHERE is_active;' | psql talercheck -Aqt)
diff --git a/src/testing/test_sanctions.conf b/src/testing/test_sanctions.conf
@@ -22,6 +22,9 @@ BASE_URL = "http://localhost:8081/"
STEFAN_ABS = "EUR:5"
ENABLE_KYC = YES
+[exchange-sanctionscheck]
+RATER_COMMAND = robocop sanction-list.json
+
[exchangedb-postgres]
CONFIG = "postgres:///talercheck"
SQL_DIR = ${DATADIR}sql/