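#!/bin/bash
# This file is in the public domain.
#
# This script configures and launches the Taler exchange.
#
# The environment must provide the following variables:
#
# - BANK_EXCHANGE_TOKEN (exchange token for libeufin-bank)
# - EXCHANGE_PAYTO (exchange account PAYTO)
# - PROTO (http or https?)
# - DOMAIN_NAME: DNS domain name to use for the setup
#
# Further settings (CURRENCY, DO_OFFLINE, DO_EXCHANGE_TERMS, ...) are read
# from config/user.conf and config/internal.conf, which are sourced below.

# -e: abort on the first failing command; -u: unset variables are errors;
# pipefail: a pipeline fails when any stage fails, so a generator that feeds
# a pipe later in this script cannot fail silently behind the last stage.
set -euo pipefail

#######################################
# Report an abnormal exit (EXIT trap). Diagnostics go to stderr so they are
# not mixed into any captured stdout.
# Arguments: $1 - the script's exit code
#######################################
notify_exit() {
  [[ "$1" == 0 ]] || echo "Script $0 failed, exit code $1" >&2
}

#######################################
# Report the line on which errexit triggered (ERR trap).
#######################################
notify_err() {
  echo "errexit on line $(caller)" >&2
}

# SIGINT/SIGTERM are mapped to the conventional 130/143 exit codes so the
# EXIT trap reports them; notify_err runs on any command failure under -e.
trap '(exit 130)' INT
trap '(exit 143)' TERM
trap notify_err ERR
# shellcheck disable=SC2154
trap 'rc=$?; notify_exit "$rc"; exit "$rc"' EXIT

# End of error handling setup

# say() and expect_vars() come from functions.sh; the two config files
# supply the deployment settings used below. Paths are relative to the
# current working directory, so run this script from the deployment dir.
source functions.sh
source config/user.conf
source config/internal.conf

# shellcheck disable=SC2034 — not referenced in this script; kept unchanged
EXCHANGE_DB="taler-exchange"

say "Beginning Exchange setup"

expect_vars BANK_EXCHANGE_TOKEN EXCHANGE_PAYTO PROTO DOMAIN_NAME

#######################################
# Print a message via say() and abort the script with status 1.
# Arguments: $1 - message to print
#######################################
die() {
  say "$1"
  exit 1
}

# Just try if sudo works for diagnostics
sudo -i -u taler-exchange-offline id >/dev/null || die "Error: Unable to switch to taler-exchange-offline user"

# Create master key as taler-exchange-offline *unless* user already
# set the MASTER_PUBLIC_KEY to some value we can use.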
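# Key locations are relative to the taler-exchange-offline HOME; the generated
# offline-setup.conf prefixes them with $HOME at runtime.
export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub
if test -z "${MASTER_PUBLIC_KEY:-}"; then
  if test "${DO_OFFLINE:-y}" == n; then
    say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
    exit 1
  fi
  say "Setting up offline key"
  # Unquoted heredoc: ${MASTER_PRIV_FILE}/${SECMOD_TOFU_FILE} expand now,
  # the escaped \$HOME stays literal for the offline tool to resolve.
  cat << EOF > /etc/taler-exchange/conf.d/offline-setup.conf
[exchange-offline]
MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}
SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}
EOF

  MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup 2>> setup.log)
  # 'setup' is expected to print the public key on stdout; an empty result
  # would otherwise be persisted into user.conf and break every later step.
  if test -z "${MASTER_PUBLIC_KEY}"; then
    say "Error: taler-exchange-offline setup produced no master public key (see setup.log)"
    exit 1
  fi
  echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >>config/user.conf
  if test -z "${DO_OFFLINE:-}"; then
    # Set 'DO_OFFLINE'
    DO_OFFLINE=y
    echo "DO_OFFLINE=y" >>config/user.conf
  fi
else
  say "Master public key is $MASTER_PUBLIC_KEY"
  if test "${DO_OFFLINE:-y}" == y; then
    # Running 'setup' again reports the key on disk; it must be the one the
    # configuration claims, otherwise offline signatures will not verify.
    MASTER_PUBLIC_KEY2=$(sudo -i -u taler-exchange-offline taler-exchange-offline setup 2>> setup.log)
    if test "${MASTER_PUBLIC_KEY2}" != "${MASTER_PUBLIC_KEY}"; then
      say "Error: master public key missmatch ${MASTER_PUBLIC_KEY2} does not match ${MASTER_PUBLIC_KEY}"
      exit 1
    fi
  fi
fi

say "Stopping running exchange before reconfiguration"
systemctl stop taler-exchange.target &>> setup.log

say "Configuring exchange"

say "Removing optimized files" #FIXME remove when this file works
rm -f /usr/share/taler-exchange/{aml,kyc}-spa/*.{zstd,gz}

# Generate terms of service (ToS)
TERMS_ETAG=
if test "${DO_EXCHANGE_TERMS}" == y; then
  if test -z "${EXCHANGE_TERMS_FILE:-}"; then
    say "Error: No EXCHANGE_TERMS_FILE set but DO_EXCHANGE_TERMS set to YES"
    exit 1
  fi

  # The ETag is the document's basename without the .rst suffix.
  TERMS_ETAG="$(basename "$EXCHANGE_TERMS_FILE" .rst)"

  say "Setting up terms of service (ToS)"
  taler-terms-generator -i "${EXCHANGE_TERMS_FILE}" &>> setup.log
fi

# Generate privacy policy
PRIVACY_ETAG=
if test "${DO_EXCHANGE_PRIVACY}" == y; then
  if test -z "${EXCHANGE_PRIVACY_FILE:-}"; then
    say "Error: No EXCHANGE_PRIVACY_FILE set but DO_EXCHANGE_PRIVACY set to YES"
    exit 1
  fi

  # Same ETag convention as for the ToS above.
  PRIVACY_ETAG="$(basename "$EXCHANGE_PRIVACY_FILE" .rst)"

  say "Setting up the privacy policy"
  taler-terms-generator -i "${EXCHANGE_PRIVACY_FILE}" &>> setup.log
fi

export EXCHANGE_BASE_URL="$PROTO://exchange.${DOMAIN_NAME}/"

cat << EOF > /etc/taler-exchange/conf.d/setup.conf
[exchange]
CURRENCY=${CURRENCY}
CURRENCY_ROUND_UNIT=${CURRENCY}:0.01
AML_THRESHOLD=${CURRENCY}:1000000
MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}
BASE_URL=${EXCHANGE_BASE_URL}
STEFAN_ABS=${CURRENCY}:0
STEFAN_LOG=${CURRENCY}:0
STEFAN_LIN=0

TERMS_ETAG=${TERMS_ETAG}
PRIVACY_ETAG=${PRIVACY_ETAG}

[merchant-exchange-${DOMAIN_NAME}]
MASTER_KEY=${MASTER_PUBLIC_KEY}
CURRENCY=${CURRENCY}
EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}

[exchange-account-default]
PAYTO_URI=${EXCHANGE_PAYTO}
ENABLE_DEBIT=YES
ENABLE_CREDIT=YES
@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
EOF

#######################################
# Create (or truncate) a secrets file with its final mode and owner *before*
# any content is written, so credentials never sit in a file that has the
# default-umask mode or a pre-existing wider mode, even briefly.
# Arguments: $1 - mode, $2 - owner, $3 - group, $4 - path
#######################################
create_secret_file() {
  install -m "$1" -o "$2" -g "$3" /dev/null "$4"
}

# The DB config file is written by root; root ignores the 440 mode when
# writing, so no chmod/chown after the fact is needed.
create_secret_file 440 root taler-exchange-db /etc/taler-exchange/secrets/exchange-db.secret.conf
cat << EOF > /etc/taler-exchange/secrets/exchange-db.secret.conf
[exchangedb-postgres]
CONFIG=postgres:///exchange
EOF

# Bank wire-gateway token: readable only by the wire user.
create_secret_file 400 taler-exchange-wire taler-exchange-db /etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf
cat << EOF > /etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf

[exchange-accountcredentials-default]
WIRE_GATEWAY_URL=${PROTO}://bank.$DOMAIN_NAME/accounts/exchange/taler-wire-gateway/
WIRE_GATEWAY_AUTH_METHOD=bearer
TOKEN=${BANK_EXCHANGE_TOKEN}
EOF

# Generate the coin configuration. The generator output is captured first so
# a failing taler-harness aborts the script (set -e) instead of leaving an
# empty or truncated coins.conf behind the pipe.
COIN_CONFIG=$(taler-harness deployment gen-coin-config \
  --min-amount "${CURRENCY}":0.01 \
  --max-amount "${CURRENCY}":100)
printf '%s\n' "${COIN_CONFIG}" |
  sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
    >/etc/taler-exchange/conf.d/"${CURRENCY}"-coins.conf

say "Fixing coin configuraiton..."
# FIXME: Fix exchange configuration, remove when taler-harness is updated
sed 's/coin-/coin_/i' -i /etc/taler-exchange/conf.d/*-coins.conf

say "Initializing exchange database"
taler-exchange-dbconfig &>> setup.log

say "Launching exchange"
systemctl enable taler-exchange.target &>> setup.log
systemctl restart taler-exchange.target &>> setup.log

say "Waiting for exchange HTTP service (/config)..."
curl -sS --max-time 2 \
  --retry-all-errors \
  --retry-delay 2 \
  --retry 10 \
  --fail \
  "${EXCHANGE_BASE_URL}"config &>> setup.log

say "Waiting for exchange management keys (this may take a while)..."
curl -sS --max-time 30 \
  --retry-delay 2 \
  --retry 60 \
  --fail \
  "${EXCHANGE_BASE_URL}"management/keys &>> setup.log

# Default to 'y' like the checks above: an unset DO_OFFLINE must not trip
# 'set -u' here after having been treated as enabled earlier.
if test "${DO_OFFLINE:-y}" == y; then
  say "Offline interaction..."
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    download \
    sign \
    upload &>> setup.log

  say "Exchange account setup..."
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    enable-account "${EXCHANGE_PAYTO}" \
    display-hint 0 "${CURRENCY} Exchange" \
    wire-fee now x-taler-bank "${CURRENCY}":0 "${CURRENCY}":0 \
    global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
    upload &>> setup.log

  say "Enabling timer to automate renewals..."
  systemctl enable taler-exchange-offline.timer &>> setup.log
  systemctl restart taler-exchange-offline.timer &>> setup.log

  if test "${DO_CONVERSION}" == y; then
    say "Conversion account setup (restricted to CH-only)..."
    sudo -i -u taler-exchange-offline taler-exchange-offline \
      enable-account "${CONVERSION_PAYTO}" \
      display-hint 10 "${FIAT_BANK_NAME}" \
      conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \
      debit-restriction deny \
      wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
      upload &>> setup.log
  fi
fi

# Deliberately no --fail here (unlike the probes above): when offline signing
# happens out of band, /keys may not be servable yet; the response is logged
# for inspection only. NOTE(review): confirm this tolerance is intended.
say "Waiting for exchange /keys..."
curl -sS --max-time 2 \
  --retry-connrefused \
  --retry-delay 2 \
  --retry 10 \
  "${EXCHANGE_BASE_URL}"keys &>> setup.log

say "Exchange setup finished"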