exchange

Base system with REST service to issue digital coins, run by the payment service provider

commit 5f17d63c4cc7721a752c48170a66cb076040e1e0
parent 7fa0e74f08659197a1f25af6ba00bff862c2a2c2
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat,  9 Sep 2023 15:03:13 +0200

improve Debian package

Diffstat:
Mcontrib/taler-exchange-dbconfig | 22+++++++++++++---------
Mdebian/taler-auditor.postinst | 2+-
Mdebian/taler-auditor.postrm | 9++++++++-
Mdebian/taler-exchange.postinst | 4++--
Mdebian/taler-exchange.postrm | 24++++++++++++++++++++++++
5 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/contrib/taler-exchange-dbconfig b/contrib/taler-exchange-dbconfig @@ -22,15 +22,17 @@ set -eu RESET_DB=0 SKIP_DBINIT=0 DBUSER="taler-exchange-httpd" +DBGROUP="taler-exchange-db" DBNAME="exchange" CFGFILE="/etc/taler/secrets/exchange-db.secret.conf" # Parse command-line options -while getopts ':hn:rsu:' OPTION; do +while getopts ':g:hn:rsu:' OPTION; do case "$OPTION" in h) echo 'Supported options:' echo " -c FILENAME -- write configuration to FILENAME (default: $CFGFILE)" + echo " -g GROUP -- taler-exchange to be run by GROUP (default: $DBGROUP)" echo " -h -- print this help text" echo " -n NAME -- user NAME for database name (default: $DBNAME)" echo " -r -- reset database (dangerous)" @@ -86,7 +88,7 @@ if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null then if [ 1 = "$RESET_DB" ] then - echo "Deleting existing database $DBNAME." 1>&2 + echo "Deleting existing database '$DBNAME'." 1>&2 sudo -i -u postgres dropdb "$DBNAME" else echo "Database '$DBNAME' already exists, refusing to setup again." @@ -95,14 +97,14 @@ then fi fi -echo "Setting up database user $DBUSER." 1>&2 +echo "Setting up database user '$DBUSER'." 1>&2 if ! sudo -i -u postgres createuser "$DBUSER" 2> /dev/null then echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2 fi -echo "Creating database $DBNAME." 1>&2 +echo "Creating database '$DBNAME'." 1>&2 if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME" then 
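Review bot: In the first hunk of contrib/taler-exchange-dbconfig, `g:` is added to the getopts string and `-g GROUP` to the help text, but none of the hunks shown for this file adds a `g)` arm to `case "$OPTION"`, so the option appears to be accepted without ever changing `DBGROUP`. The secrets file would then always be handed to the default group, whatever the operator passed on the command line. The case body continues outside the hunk, so confirm there; if the arm is missing, add `g) DBGROUP="$OPTARG" ;;`. The help text also advertises `-c FILENAME` although the option string contains no `c:`.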
@@ -112,19 +114,21 @@ fi if [ -f "$CFGFILE" ] then - echo "Adding database configuration to $CFGFILE." 1>&2 + echo "Adding database configuration to '$CFGFILE'." 1>&2 echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE" + chown root:"$DBGROUP" "$CFGFILE" + chmod 640 "$CFGFILE" else - echo "Configuration $CFGFILE does not yet exist, creating it." 1>&2 + echo "Configuration '$CFGFILE' does not yet exist, creating it." 1>&2 mkdir -p "$(dirname "$CFGFILE")" echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE" - chown "$DBUSER":root "$CFGFILE" - chmod 460 "$CFGFILE" + chown root:"$DBGROUP" "$CFGFILE" + chmod 640 "$CFGFILE" fi if [ 0 = "$SKIP_DBINIT" ] then - echo "Initializing database $DBNAME." 1>&2 + echo "Initializing database '$DBNAME'." 1>&2 sudo -u "$DBUSER" taler-exchange-dbinit fi diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst @@ -22,7 +22,7 @@ configure) if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_USERNAME} ${_GROUPNAME} 660 \ + ${_USERNAME} ${_GROUPNAME} 640 \ /etc/taler/secrets/auditor-db.secret.conf fi diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm @@ -6,9 +6,16 @@ if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi +_USERNAME=taler-auditor-httpd +_GROUPNAME=taler-auditor-httpd + case "${1}" in purge) - ;; + dpkg-statoverride --remove \ + /etc/taler/secrets/auditor-db.secret.conf || true + deluser --system --quiet ${_USERNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true + ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; *) diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst 
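Review bot: In the last hunk of contrib/taler-exchange-dbconfig, both branches write the file with `echo -e ... >> "$CFGFILE"` before `chown` and `chmod` run, so a newly created file sits under /etc/taler/secrets with umask-default permissions until `chmod 640` lands. Because the script runs under `set -eu`, a `$DBGROUP` that does not exist makes `chown root:"$DBGROUP"` abort at that point, after the database user and database were already created and before the mode is tightened. Setting `umask 027` ahead of the write and checking `getent group "$DBGROUP" > /dev/null` near the top of the script would close both gaps. The `echo -e`, `chown` and `chmod` lines are now identical in the two branches and could move below the `fi`.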
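Review bot: The mode change from 660 to 640 in debian/taler-auditor.postinst sits inside `if ! dpkg-statoverride --list ...`, so it only applies where no override is registered yet; a host upgraded from an earlier package version keeps its existing 660 entry. The same holds for the two overrides changed in debian/taler-exchange.postinst (460 and 660 to 640). If upgrades are meant to pick up the tighter mode, the configure step needs to `dpkg-statoverride --remove` the entry it registered itself before re-adding it. If an existing entry is deliberately left alone so that administrator overrides win, a comment saying so would help. The surrounding `configure)` arm starts and ends outside the hunk.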
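Review bot: The new `purge)` arm in debian/taler-auditor.postrm drops the stat override and deletes `${_USERNAME}`, but nothing in the hunk removes `/etc/taler/secrets/auditor-db.secret.conf` itself. Whether dpkg removes that file as a conffile is not visible here; if it survives the purge, it stays owned by a UID that no longer exists and that a later-created account could be assigned. Consider adding `rm -f /etc/taler/secrets/auditor-db.secret.conf` ahead of the `deluser` call. The `purge)` arm of debian/taler-exchange.postrm has the same pattern for its two secret files. The `${_USERNAME}` and `${_GROUPNAME}` expansions would also be safer quoted.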
@@ -56,13 +56,13 @@ configure) if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - ${_WIREUSERNAME} root 460 \ + ${_WIREUSERNAME} root 640 \ /etc/taler/secrets/exchange-accountcredentials-1.secret.conf fi if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then dpkg-statoverride --add --update \ - root ${_DBGROUPNAME} 660 \ + root ${_DBGROUPNAME} 640 \ /etc/taler/secrets/exchange-db.secret.conf fi diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm @@ -2,6 +2,17 @@ set -e +_GROUPNAME=taler-exchange-secmod +_DBGROUPNAME=taler-exchange-db +_EUSERNAME=taler-exchange-httpd +_CLOSERUSERNAME=taler-exchange-closer +_CSECUSERNAME=taler-exchange-secmod-cs +_RSECUSERNAME=taler-exchange-secmod-rsa +_ESECUSERNAME=taler-exchange-secmod-eddsa +_AGGRUSERNAME=taler-exchange-aggregator +_WIREUSERNAME=taler-exchange-wire + + if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi @@ -9,6 +20,19 @@ fi case "${1}" in purge) rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-* + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-accountcredentials-1.secret.conf || true + dpkg-statoverride --remove \ + /etc/taler/secrets/exchange-db.secret.conf || true + deluser --quiet --system ${_CSECUSERNAME} || true + deluser --quiet --system ${_RSECUSERNAME} || true + deluser --quiet --system ${_ESECUSERNAME} || true + deluser --quiet --system ${_AGGRUSERNAME} || true + deluser --quiet --system ${_WIREUSERNAME} || true + deluser --quiet --system ${_CLOSERUSERNAME} || true + deluser --quiet --system ${_EUSERNAME} || true + delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true + delgroup --only-if-empty --quiet ${_GROUPNAME} || true ;; remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)