commit 0ccc6504209c155ee036893288ac0bc7e988d43a
parent 7334cfc40995c98aa550fedc7b249d9c08100028
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 2 Jan 2021 21:21:34 +0100
fix #6673: fix access rights on package install
Diffstat:
8 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
@@ -3,6 +3,6 @@ RewriteEngine On
RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
RewriteRule "(.+)/private/" "-" [F]
-ProxyPass "unix:/var/lib/taler-merchant/merchant.sock|http://example.com/"
+ProxyPass "unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/"
RequestHeader add "X-Forwarded-Proto" "https"
</Location>
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
@@ -2,7 +2,7 @@ location ~ /taler-merchant/private/ {
if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
return 401;
}
- proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
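Review bot: The Authorization check in the context line at the top of this hunk, `$http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%"`, is unanchored and applies `(?i)` to the token as well as to the scheme name, so any header that merely contains the string, in any letter case, is accepted. Unless that is intended, `"^(?i:ApiKey) %SECURITYTOKEN%$"` limits case folding to the scheme and requires an exact match. The token is also interpreted as a regular expression here, so it should be restricted to characters that have no regex meaning. The `location` block starts and ends outside the hunk, and the commit itself only moves the socket path.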
@@ -10,7 +10,7 @@ location ~ /taler-merchant/private/ {
}
location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
@@ -45,6 +45,11 @@ if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then
. /etc/dbconfig-common/taler-merchant.conf
case "$dbc_dbtype" in
pgsql)
+ echo "GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO \"$dbc_dbuser\";" \
+ | sudo -u postgres psql "postgres:///$dbc_dbname"
+ echo "GRANT SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO \"$dbc_dbuser\";" \
+ | sudo -u postgres psql "postgres:///$dbc_dbname"
+
taler-config -w \
-c /etc/taler-merchant.conf \
-s "merchantdb-postgres" \
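Review bot: Both added `psql` invocations read the GRANT from stdin without `ON_ERROR_STOP`, so a failed GRANT still exits 0 and the install continues with the merchant role lacking its privileges; `| sudo -u postgres psql -v ON_ERROR_STOP=1 "postgres:///$dbc_dbname"` makes the failure visible. `$dbc_dbuser` is also pasted into the SQL text inside double quotes, so a name containing `"` would change the statement that runs as the postgres superuser. That value is set from debconf in debian/taler-merchant.config in this same commit and should be checked against a conservative pattern before use. `sudo` may be absent on a minimal system, so either confirm the package depends on it or use `runuser -u postgres --` instead. The enclosing `case` continues outside the hunk.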
diff --git a/debian/etc/taler-merchant.conf b/debian/etc/taler-merchant.conf
@@ -4,5 +4,5 @@ CURRENCY = KUDOS
[merchant]
SERVE = UNIX
-UNIXPATH = /var/lib/taler-merchant/merchant.sock
+UNIXPATH = /var/lib/taler-merchant/httpd/merchant.sock
DATABASE = postgres
diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config
@@ -28,6 +28,10 @@ dbc_authmethod_user=ident
dbc_authmethod_admin=ident
+db_get taler-merchant/username
+_USERNAME="${RET:-taler-merchant-httpd}"
+dbc_dbuser=${_USERNAME}
+
if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/config.pgsql
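Review bot: The return status of `db_get taler-merchant/username` is ignored, and the `${RET:-taler-merchant-httpd}` fallback applies only when RET is empty. If the question is not registered, RET may carry debconf's error text rather than an empty string (worth confirming), and that text would then become `dbc_dbuser`. Something like `if db_get taler-merchant/username && [ -n "$RET" ]; then _USERNAME="$RET"; else _USERNAME=taler-merchant-httpd; fi` keeps the default reliable. Since the value ends up as a PostgreSQL role name in debian/db/install/pgsql, a comment stating which characters are allowed would also help. The `if` block at the end continues outside the hunk.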
diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst
@@ -25,7 +25,7 @@ apache_install() {
# 1st argument will be the SECURITYTOKEN to use.
nginx_install() {
mkdir -p /etc/nginx/conf-available
- if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ];
+ if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ];
then
cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/nginx/conf-available/taler-merchant.conf
fi
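Review bot: The generated /etc/nginx/conf-available/taler-merchant.conf embeds the security token, but the redirect on the unchanged `sed` line creates it under whatever umask the maintainer script inherits, which usually leaves it world-readable. Since this commit is about access rights, `(umask 027; sed -e "s/%SECURITYTOKEN%/$1/" /etc/taler-merchant/nginx.conf > /etc/nginx/conf-available/taler-merchant.conf)` would keep the token away from other local users. The same line substitutes `$1` into a `sed` expression that uses `/` as its delimiter, so a token containing `/` or `&` would produce a broken or altered config; a comment on the allowed token alphabet would be enough. apache_install is outside the hunk and may need the same treatment.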
diff --git a/debian/taler-merchant.postrm b/debian/taler-merchant.postrm
@@ -58,6 +58,8 @@ fi
case "${1}" in
purge)
+ rm -f /var/lib/taler-merchant/master-api-key.txt
+ rmdir /var/lib/taler-merchant/httpd/
if [ -e /usr/share/debconf/confmodule ]
then
. /usr/share/debconf/confmodule
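Review bot: The added `rmdir /var/lib/taler-merchant/httpd/` fails when the directory is already gone or still holds the socket file, and if this script runs under `set -e` (not visible in the hunk) that would abort the purge. Purge should be safe to run repeatedly, so `rmdir /var/lib/taler-merchant/httpd/ 2>/dev/null || true` or `rm -rf /var/lib/taler-merchant/httpd/` is the safer form. The `purge)` branch continues outside the hunk.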
diff --git a/src/merchant-tools/taler-merchant-dbinit.c b/src/merchant-tools/taler-merchant-dbinit.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014, 2015 Taler Systems SA
+ Copyright (C) 2014, 2015, 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software