exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE
commit 63590bb350d2c42f629e5ce56735ce1365b97f82
parent 7bc7ee58ee5bf4708d6781e976524c6198da50cd
Author: Florian Dold <florian@dold.me>
Date:   Mon, 26 Jul 2021 23:37:13 +0200

debian: rundir service

Diffstat:

Mdebian/etc/taler/exchange-system.conf | 7++++---


Mdebian/taler-exchange.taler-exchange-httpd.service | 3+--


Adebian/taler-exchange.taler-exchange-rundir.service | 14++++++++++++++


Mdebian/taler-exchange.taler-exchange-secmod-eddsa.service | 1+


Mdebian/taler-exchange.taler-exchange-secmod-rsa.service | 1+


5 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/debian/etc/taler/exchange-system.conf b/debian/etc/taler/exchange-system.conf
@@ -6,14 +6,15 @@
 
 [PATHS]
 
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+TALER_RUNTIME_DIR = /run/taler-exchange-private
 
 
 [exchange]
 # Debian package is configured to use a reverse proxy with a UNIX
 # domain socket. See nginx/apache configuration files.
+#
+# FIXME: This should be set to something like "NONE"
+# since systemd creates the socket for us.
 SERVE = UNIX
 UNIXPATH = /var/lib/taler-exchange/exchange.sock
 
diff --git a/debian/taler-exchange.taler-exchange-httpd.service b/debian/taler-exchange.taler-exchange-httpd.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange REST API
-AssertPathExists=/var/lib/taler-exchange/
-Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
+Requires=taler-exchange-rundir.service taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
 Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
 After=postgres.service network.target
 
diff --git a/debian/taler-exchange.taler-exchange-rundir.service b/debian/taler-exchange.taler-exchange-rundir.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Private runtime directory for the GNU Taler exchange
+
+[Service]
+# We just want to create the run directory
+Type=oneshot
+RuntimeDirectory=taler-exchange-private
+User=root
+Group=taler-exchange-private
+ExecStart=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange EdDSA security module
+Requires=taler-exchange-rundir.service
 
 [Service]
 User=taler-exchange-secmod-eddsa
diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange RSA security module
+Requires=taler-exchange-rundir.service
 
 [Service]
 User=taler-exchange-secmod-rsa