commit 0a2e6b05b5a34520653585c0d7f689515a590195
parent 8af582309513271867685e0e5f73199b63e5c1be
Author: Florian Dold <florian@dold.me>
Date: Thu, 22 Jan 2026 18:37:14 +0100
do not use sudo with -i option, as that breaks with locked accounts
Diffstat:
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/scripts/demo/setup-sandcastle.sh b/scripts/demo/setup-sandcastle.sh
@@ -231,7 +231,7 @@ chown taler-merchant-httpd:root /etc/taler-merchant/secrets/merchant-db.secret.c
chown root:donau-db /etc/donau/secrets/donau-db.secret.conf
-MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
+MASTER_PUBLIC_KEY=$(sudo -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
#
@@ -780,8 +780,8 @@ systemctl enable --now challenger-httpd.service
# Set up bank
-sudo -i -u libeufin-bank libeufin-bank edit-account admin --debit_threshold=$CURRENCY:1000000
-sudo -i -u libeufin-bank libeufin-bank passwd admin $(get_credential_pw bank/admin)
+sudo -u libeufin-bank libeufin-bank edit-account admin --debit_threshold=$CURRENCY:1000000
+sudo -u libeufin-bank libeufin-bank passwd admin $(get_credential_pw bank/admin)
systemctl enable --now libeufin-bank.service
@@ -789,56 +789,56 @@ BANK_BASEURL=$PROTO://$BANK_DOMAIN$PORT_SUFFIX/
taler-harness deployment wait-taler-service taler-corebank ${BANK_BASEURL}config
-sudo -i -u libeufin-bank libeufin-bank passwd exchange $(get_credential_pw bank/exchange) || true
+sudo -u libeufin-bank libeufin-bank passwd exchange $(get_credential_pw bank/exchange) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login exchange --exchange --public \
--payto $EXCHANGE_PAYTO \
--name Exchange \
--password $(get_credential_pw bank/exchange)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-admin $(get_credential_pw bank/merchant-admin) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-admin $(get_credential_pw bank/merchant-admin) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-admin --public \
--payto $MERCHANT_PAYTO_ADMIN \
--name "Default Demo Merchant" \
--password $(get_credential_pw bank/merchant-admin)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-pos $(get_credential_pw bank/merchant-pos) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-pos $(get_credential_pw bank/merchant-pos) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-pos --public \
--payto $MERCHANT_PAYTO_POS \
--name "PoS Merchant" \
--password $(get_credential_pw bank/merchant-pos)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-blog $(get_credential_pw bank/merchant-blog) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-blog $(get_credential_pw bank/merchant-blog) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-blog --public \
--payto $MERCHANT_PAYTO_BLOG \
--name "Blog Merchant" \
--password $(get_credential_pw bank/merchant-blog)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-gnunet $(get_credential_pw bank/merchant-gnunet) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-gnunet $(get_credential_pw bank/merchant-gnunet) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-gnunet --public \
--payto "$MERCHANT_PAYTO_GNUNET" \
--name "GNUnet Donations Merchant" \
--password $(get_credential_pw bank/merchant-gnunet)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-taler $(get_credential_pw bank/merchant-taler) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-taler $(get_credential_pw bank/merchant-taler) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-taler --public \
--payto "$MERCHANT_PAYTO_TALER" \
--name "Taler Donations Merchant" \
--password $(get_credential_pw bank/merchant-taler)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-tor $(get_credential_pw bank/merchant-tor) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-tor $(get_credential_pw bank/merchant-tor) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-tor --public \
--payto "$MERCHANT_PAYTO_TOR" \
--name "Tor Donations Merchant" \
--password $(get_credential_pw bank/merchant-tor)
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-umami $(get_credential_pw bank/merchant-umami) || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-umami $(get_credential_pw bank/merchant-umami) || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-umami --public \
--payto "$MERCHANT_PAYTO_UMAMI" \
@@ -846,7 +846,7 @@ taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--password $(get_credential_pw bank/merchant-umami)
# Special bank account without a secure password
-sudo -i -u libeufin-bank libeufin-bank passwd merchant-sandbox sandbox || true
+sudo -u libeufin-bank libeufin-bank passwd merchant-sandbox sandbox || true
taler-harness deployment provision-bank-account "${BANK_BASEURL}" \
--login merchant-sandbox --public \
--payto "$MERCHANT_PAYTO_SANDBOX" \
@@ -892,14 +892,14 @@ systemctl enable --now taler-exchange.target
taler-harness deployment wait-taler-service taler-exchange $PROTO://$EXCHANGE_DOMAIN$PORT_SUFFIX/config
taler-harness deployment wait-endpoint $PROTO://$EXCHANGE_DOMAIN$PORT_SUFFIX/management/keys
-sudo -i -u taler-exchange-offline \
+sudo -u taler-exchange-offline \
taler-exchange-offline \
-c /etc/taler-exchange/taler-exchange.conf \
download \
sign \
upload
-sudo -i -u taler-exchange-offline \
+sudo -u taler-exchange-offline \
taler-exchange-offline \
enable-account "${EXCHANGE_PAYTO}" \
wire-fee now "$WIRE_METHOD" "${CURRENCY}":0 "${CURRENCY}":0 \
