commit d34c075f2e20addcfa3451ece723669bc2189c54
parent 025299b69c03c553230603914c3ebb2c83b10cac
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Thu, 14 Aug 2025 15:25:18 +0200
do not use variablenames for usernames/groupnames as suggested by Florian
Diffstat:
4 files changed, 63 insertions(+), 92 deletions(-)
diff --git a/debian/taler-auditor.postinst b/debian/taler-auditor.postinst
@@ -6,25 +6,26 @@ set -e
CONFIG_FILE="/etc/default/taler-auditor"
TALER_HOME="/var/lib/taler-auditor"
-_USERNAME=taler-auditor-httpd
-_GROUPNAME=taler-auditor-httpd
function mark_secret() {
- if ! dpkg-statoverride --list "$1" >/dev/null 2>&1; then
- dpkg-statoverride --add --update ${_USERNAME} ${_GROUPNAME} 640 "$1"
- fi
+ if ! dpkg-statoverride --list "$1" >/dev/null 2>&1;
+ then
+ dpkg-statoverride --add --update taler-auditor-httpd taler-auditor-httpd 640 "$1"
+ fi
}
case "${1}" in
configure)
# Create taler groups as needed
- if ! getent group ${_GROUPNAME} >/dev/null; then
- addgroup --quiet --system ${_GROUPNAME}
- fi
+ if ! getent group taler-auditor-httpd >/dev/null;
+ then
+ addgroup --quiet --system taler-auditor-httpd
+ fi
# Create taler users if needed
- if ! getent passwd ${_USERNAME} >/dev/null; then
- adduser --quiet --system --ingroup ${_GROUPNAME} --no-create-home --home ${TALER_HOME} ${_USERNAME}
- fi
+ if ! getent passwd taler-auditor-httpd >/dev/null;
+ then
+ adduser --quiet --system --ingroup taler-auditor-httpd --no-create-home --home ${TALER_HOME} taler-auditor-httpd
+ fi
mark_secret /etc/taler-auditor/secrets/auditor-db.secret.conf
mark_secret /etc/taler-auditor/secrets/exchange-accountcredentials-1.secret.conf
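Review bot: `mark_secret` makes the service account itself the owner of the secret files (`taler-auditor-httpd taler-auditor-httpd 640`), so the daemon can rewrite its own credential configuration. The exchange package in this same commit instead keeps `exchange-db.secret.conf` as `root taler-exchange-db 640`. Unless the auditor has to write these files, `dpkg-statoverride --add --update root taler-auditor-httpd 640 "$1"` would give it read access only. A comment above the function, e.g. `# Restrict a secret config file to the auditor account; an existing override is left untouched`, would also record why the `--list` check is there.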
diff --git a/debian/taler-auditor.postrm b/debian/taler-auditor.postrm
@@ -6,17 +6,14 @@ if [ -f /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
fi
-_USERNAME=taler-auditor-httpd
-_GROUPNAME=taler-auditor-httpd
-
case "${1}" in
purge)
dpkg-statoverride --remove \
/etc/taler-auditor/secrets/auditor-db.secret.conf || true
dpkg-statoverride --remove \
/etc/taler-auditor/secrets/exchange-accountcredentials-1.secret.conf || true
- deluser --system --quiet ${_USERNAME} || true
- delgroup --only-if-empty --quiet ${_GROUPNAME} || true
+ deluser --system --quiet taler-auditor-httpd || true
+ delgroup --only-if-empty --quiet taler-auditor-httpd || true
;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
@@ -6,74 +6,56 @@ set -e
TALER_HOME="/var/lib/taler-exchange"
-# Group with access to private key material
-_GROUPNAME=taler-exchange-secmod
-# Group with access to our database
-_DBGROUPNAME=taler-exchange-db
-# Group with access to KYC service configuration
-_KYCGROUPNAME=taler-exchange-kyc
-
-# Different users for the different components
-_EUSERNAME=taler-exchange-httpd
-_CLOSERUSERNAME=taler-exchange-closer
-_CSECUSERNAME=taler-exchange-secmod-cs
-_RSECUSERNAME=taler-exchange-secmod-rsa
-_ESECUSERNAME=taler-exchange-secmod-eddsa
-_AGGRUSERNAME=taler-exchange-aggregator
-_EXPIUSERNAME=taler-exchange-expire
-_WIREUSERNAME=taler-exchange-wire
-_SANCTIONSUSERNAME=taler-exchange-sanctionscheck
-
case "${1}" in
configure)
# Create taler groups as needed
- if ! getent group ${_GROUPNAME} >/dev/null; then
- addgroup --quiet --system ${_GROUPNAME}
+ if ! getent group taler-exchange-secmod >/dev/null; then
+ addgroup --quiet --system taler-exchange-secmod
fi
- if ! getent group ${_DBGROUPNAME} >/dev/null; then
- addgroup --quiet --system ${_DBGROUPNAME}
+ if ! getent group taler-exchange-db >/dev/null; then
+ addgroup --quiet --system taler-exchange-db
fi
- if ! getent group ${_KYCGROUPNAME} >/dev/null; then
- addgroup --quiet --system ${_KYCGROUPNAME}
+ if ! getent group taler-exchange-kyc >/dev/null; then
+ addgroup --quiet --system taler-exchange-kyc
fi
# Create taler users if needed
- if ! getent passwd ${_EUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
- adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
- adduser --quiet ${_EUSERNAME} ${_KYCGROUPNAME}
- adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
+ if ! getent passwd taler-exchange-httpd >/dev/null; then
+ adduser --quiet --system --no-create-home --ingroup taler-exchange-secmod --home ${TALER_HOME} taler-exchange-httpd
+ adduser --quiet taler-exchange-httpd taler-exchange-db
+ adduser --quiet taler-exchange-httpd taler-exchange-kyc
+ adduser --quiet taler-exchange-httpd taler-exchange-secmod
fi
- if ! getent passwd ${_SANCTIONSUSERNAME} >/dev/null; then
- adduser --quiet --system --ingroup ${_DBGROUPNAME} --home /var/lib/taler-sanctionscheck ${_SANCTIONSUSERNAME}
- adduser --quiet ${_SANCTIONSUSERNAME} ${_KYCGROUPNAME}
+ if ! getent passwd taler-exchange-sanctionscheck >/dev/null; then
+ adduser --quiet --system --ingroup taler-exchange-db --home /var/lib/taler-sanctionscheck taler-exchange-sanctionscheck
+ adduser --quiet taler-exchange-sanctionscheck taler-exchange-kyc
fi
- if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
+ if ! getent passwdtaler-exchange-secmod-rsadev/null; then
+ adduser --quiet --system --no-create-home --ingroup taler-exchange-secmod --home ${TALER_HOME} taler-exchange-secmod-rsa
fi
- if ! getent passwd ${_CSECUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_CSECUSERNAME}
+ if ! getent passwd taler-exchange-secmod-cs >/dev/null; then
+ adduser --quiet --system --no-create-home --ingroup taler-exchange-secmod --home ${TALER_HOME} taler-exchange-secmod-cs
fi
- if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_ESECUSERNAME}
+ if ! getent passwd taler-exchange-secmod-eddsa >/dev/null; then
+ adduser --quiet --system --no-create-home --ingroup taler-exchange-secmod --home ${TALER_HOME} taler-exchange-secmod-eddsa
fi
- if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_WIREUSERNAME}
- adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
+ if ! getent passwd taler-exchange-wire >/dev/null; then
+ adduser --quiet --system --no-create-home --home ${TALER_HOME} taler-exchange-wire
+ adduser --quiet taler-exchange-wire taler-exchange-db
fi
- if ! getent passwd ${_CLOSERUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_CLOSERUSERNAME}
- adduser --quiet ${_CLOSERUSERNAME} ${_DBGROUPNAME}
+ if ! getent passwd taler-exchange-closer >/dev/null; then
+ adduser --quiet --system --no-create-home --home ${TALER_HOME} taler-exchange-closer
+ adduser --quiet taler-exchange-closer taler-exchange-db
fi
- if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_AGGRUSERNAME}
- adduser --quiet ${_AGGRUSERNAME} ${_KYCGROUPNAME}
- adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
+ if ! getent passwd taler-exchange-aggregator >/dev/null; then
+ adduser --quiet --system --no-create-home --home ${TALER_HOME} taler-exchange-aggregator
+ adduser --quiet taler-exchange-aggregator taler-exchange-kyc
+ adduser --quiet taler-exchange-aggregator taler-exchange-db
fi
- if ! getent passwd ${_EXPIUSERNAME} >/dev/null; then
- adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_EXPIUSERNAME}
- adduser --quiet ${_EXPIUSERNAME} ${_DBGROUPNAME}
+ if ! getent passwd taler-exchange-expire >/dev/null; then
+ adduser --quiet --system --no-create-home --home ${TALER_HOME} taler-exchange-expire
+ adduser --quiet taler-exchange-expire taler-exchange-db
fi
if ! dpkg-statoverride --list /etc/taler-exchange/taler-exchange.conf >/dev/null 2>&1; then
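Review bot: The existence check for the RSA security-module account, as it appears in this diff, reads `if ! getent passwdtaler-exchange-secmod-rsadev/null; then`; the spaces and the `>/` redirection were lost in the substitution. getent is therefore asked for a database that does not exist and fails, so the guard is always true, the adduser call below it runs on every configure, and getent's error is no longer sent to /dev/null. The line should read `if ! getent passwd taler-exchange-secmod-rsa >/dev/null; then`, matching its siblings. Separately, the removed variable block held the only comments saying what each group grants (private key material, database, KYC configuration). A comment such as `# taler-exchange-secmod: access to private key material` above each addgroup would keep that privilege map visible now that the names are inlined.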
@@ -84,13 +66,13 @@ configure)
if ! dpkg-statoverride --list /etc/taler-exchange/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
- ${_WIREUSERNAME} root 640 \
+ taler-exchange-wire root 640 \
/etc/taler-exchange/secrets/exchange-accountcredentials-1.secret.conf
fi
if ! dpkg-statoverride --list /etc/taler-exchange/secrets/exchange-db.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
- root ${_DBGROUPNAME} 640 \
+ root taler-exchange-db 640 \
/etc/taler-exchange/secrets/exchange-db.secret.conf
fi
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
@@ -2,19 +2,8 @@
set -e
-_GROUPNAME=taler-exchange-secmod
-_DBGROUPNAME=taler-exchange-db
-_EUSERNAME=taler-exchange-httpd
-_CLOSERUSERNAME=taler-exchange-closer
-_CSECUSERNAME=taler-exchange-secmod-cs
-_RSECUSERNAME=taler-exchange-secmod-rsa
-_ESECUSERNAME=taler-exchange-secmod-eddsa
-_AGGRUSERNAME=taler-exchange-aggregator
-_EXPIUSERNAME=taler-exchange-expire
-_WIREUSERNAME=taler-exchange-wire
-
-
-if [ -f /usr/share/debconf/confmodule ]; then
+if [ -f /usr/share/debconf/confmodule ];
+then
. /usr/share/debconf/confmodule
fi
@@ -25,16 +14,18 @@ purge)
/etc/taler-exchange/secrets/exchange-accountcredentials-1.secret.conf || true
dpkg-statoverride --remove \
/etc/taler-exchange/secrets/exchange-db.secret.conf || true
- deluser --quiet --system ${_CSECUSERNAME} || true
- deluser --quiet --system ${_RSECUSERNAME} || true
- deluser --quiet --system ${_ESECUSERNAME} || true
- deluser --quiet --system ${_AGGRUSERNAME} || true
- deluser --quiet --system ${_EXPIUSERNAME} || true
- deluser --quiet --system ${_WIREUSERNAME} || true
- deluser --quiet --system ${_CLOSERUSERNAME} || true
- deluser --quiet --system ${_EUSERNAME} || true
- delgroup --only-if-empty --quiet ${_DBGROUPNAME} || true
- delgroup --only-if-empty --quiet ${_GROUPNAME} || true
+ deluser --quiet --system taler-exchange-secmod-cs || true
+ deluser --quiet --system taler-exchange-secmod-rsa || true
+ deluser --quiet --system taler-exchange-secmod-eddsa || true
+ deluser --quiet --system taler-exchange-aggregator || true
+ deluser --quiet --system taler-exchange-expire || true
+ deluser --quiet --system taler-exchange-wire || true
+ deluser --quiet --system taler-exchange-closer || true
+ deluser --quiet --system taler-exchange-sanctionscheck || true
+ deluser --quiet --system taler-exchange-httpd || true
+ delgroup --only-if-empty --quiet taler-exchange-kyc || true
+ delgroup --only-if-empty --quiet taler-exchange-db || true
+ delgroup --only-if-empty --quiet taler-exchange-secmod || true
;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
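Review bot: The purge branch now deletes `taler-exchange-sanctionscheck`, but the postinst in this commit creates that account without `--no-create-home`, so `/var/lib/taler-sanctionscheck` is presumably created, and nothing in the visible lines removes it. Once the account is gone, files there stay owned by a bare numeric UID that a later-created system account could be assigned, which would hand that account whatever was left behind. Either remove the directory before the `deluser` call (`rm -rf /var/lib/taler-sanctionscheck`) or leave the account in place on purge; the branch begins above this hunk, so cleanup may already exist there. The blanket `|| true` on each line also hides a failed removal, so a short comment saying it is deliberate best-effort would help.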