Diffstat (limited to 'server-build')
-rwxr-xr-xserver-build/QEMU-autobuild/buildWebstore.sh7
-rw-r--r--server-build/generic-debian/Server-Build-Instructions.md159
-rw-r--r--server-build/my-simple-cdd/README28
-rw-r--r--server-build/my-simple-cdd/README.md13
-rwxr-xr-xserver-build/my-simple-cdd/make-iso.sh5
-rw-r--r--server-build/my-simple-cdd/profiles/reclaim.packages4
-rwxr-xr-xserver-build/my-simple-cdd/profiles/wootaler.postinst21
7 files changed, 168 insertions, 69 deletions
diff --git a/server-build/QEMU-autobuild/buildWebstore.sh b/server-build/QEMU-autobuild/buildWebstore.sh
index e46327a..ef066b0 100755
--- a/server-build/QEMU-autobuild/buildWebstore.sh
+++ b/server-build/QEMU-autobuild/buildWebstore.sh
@@ -214,7 +214,12 @@ sudo -u www-data wp wc --user=admin payment_gateway update gnutaler --enabled=tr
# install OIDC plugin (needed for re:claimID integration)
-sudo -u www-data wp --user=admin plugin install daggerhart-openid-connect-generic --activate
+# This would install the 'original' plugin:
+# sudo -u www-data wp --user=admin plugin install daggerhart-openid-connect-generic --activate
+
+# As the original plugin has a bug, go for our hotfix'ed version instead:
+cp -r /root/woocommerce-taler/daggerhart-openid-connect-generic /var/www/wordpress/wp-content/plugins/
+chown -R www-data:www-data /var/www/wordpress/wp-content/plugins/daggerhart-openid-connect-generic/
echo
echo '1. You must set up WooCommerce defaults. To do this:'
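Review bot: The added lines copy the plugin into `wp-content/plugins/` but no longer activate it, whereas the removed `wp plugin install … --activate` did both; unless activation happens further down (the script continues outside this hunk), the OIDC login needed for re:claimID stays disabled. Consider adding `sudo -u www-data wp --user=admin plugin activate daggerhart-openid-connect-generic` after the `chown`. Because the copy keeps the upstream slug, a later plugin update from wordpress.org could presumably overwrite the hotfixed code, and the local copy will not receive upstream security fixes on its own, so the comment should name the bug being worked around and the upstream version the hotfix is based on. The `cp` also depends on `/root/woocommerce-taler` already existing; a `test -d` guard with a clear error message would make a standalone run fail visibly instead of leaving the site without its login plugin.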
diff --git a/server-build/generic-debian/Server-Build-Instructions.md b/server-build/generic-debian/Server-Build-Instructions.md
index 5638cf7..595f4ca 100644
--- a/server-build/generic-debian/Server-Build-Instructions.md
+++ b/server-build/generic-debian/Server-Build-Instructions.md
@@ -1,6 +1,10 @@
# Purpose of this document
-This document is an instruction manual to install WordPress, WooCommerce, and the GNU Taler WooComerce plugin on a fresh Debian 10 system and have it serve a GNU Taler-enabled WordPress/WooCommerce site using HTTPS with a LetsEncrypt SSL certificate or self-signed certificate.
+This document is an instruction manual to install WordPress,
+WooCommerce, and the GNU Taler WooComerce plugin on a fresh Debian 10
+system and have it serve a GNU Taler-enabled WordPress/WooCommerce
+site using HTTPS with a LetsEncrypt SSL certificate or self-signed
+certificate.
## Assumptions
@@ -10,17 +14,26 @@ This document is an instruction manual to install WordPress, WooCommerce, and th
* Apache2 will be the default web server.
-* Your server will have a domain name such as _domain.com_. This is necessary for the LetsEncrypt SSL certificate. If you will use this server locally or using the raw IP address, you may follow the instructions for a self-signed certificate instead.
+* Your server will have a domain name such as _domain.com_. This is
+ necessary for the LetsEncrypt SSL certificate. If you will use this
+ server locally or using the raw IP address, you may follow the
+ instructions for a self-signed certificate instead.
## Configure firewall
-You may use the file in `scripts/ufw-setup.sh` to install ufw (uncomplicated firewall) and automatically open ports 80 and 443 (needed for LetsEncrypt and for access to the WordPress/WooComerce site.)
+You may use the file in `scripts/ufw-setup.sh` to install ufw
+(uncomplicated firewall) and automatically open ports 80 and 443
+(needed for LetsEncrypt and for access to the WordPress/WooComerce
+site.)
-Alternatively, configure your firewall of choice to accept requests on ports 80 and 443 (and whatever port(s) you may be using to access your server, ex: SSH port 22.)
+Alternatively, configure your firewall of choice to accept requests on
+ports 80 and 443 (and whatever port(s) you may be using to access your
+server, ex: SSH port 22.)
## Software from Debian Repositories
-Please note that all software can be installed at one time. The following separations are only to make the instructions more clear.
+Please note that all software can be installed at one time. The
+following separations are only to make the instructions more clear.
### Install Apache2
@@ -66,7 +79,8 @@ Become `root`:
`# crontab -e`
-Add these lines to the crontab (please note you can change the date by adjusting this command. Look up _cron_ jobs for details):
+Add these lines to the crontab (please note you can change the date by
+adjusting this command. Look up _cron_ jobs for details):
```
# Weekly Certbot Renewal Check
@@ -75,11 +89,15 @@ Add these lines to the crontab (please note you can change the date by adjusting
### Using a self-signed certificate
-If you prefer to use a self-signed SSL certificate (for example, if your server does not have a public IP address), you may use the script in `/scripts/ssl-create-selfsigned.sh`. You can also do this manually as follows:
+If you prefer to use a self-signed SSL certificate (for example, if
+your server does not have a public IP address), you may use the script
+in `/scripts/ssl-create-selfsigned.sh`. You can also do this manually
+as follows:
`$ openssl req -x509 -newkey rsa:4096 -keyout selfsigned-key.pem -out selfsigned-cert.pem -days 365 -nodes -subj '/CN=localhost'`
-Leave off the `-subj '/CN=localhost'` flag if you prefer to add identifying information to the certificate.
+Leave off the `-subj '/CN=localhost'` flag if you prefer to add
+identifying information to the certificate.
The output will look something like this:
@@ -112,7 +130,8 @@ Remember this location for inclusion in your web server configuration files.
`$ sudo a2enmod actions fastcgi alias proxy_fcgi php7.3 proxy_fcgi setenvif`
-Please note that you may need to change the version from php7.2, depending on your system.
+Please note that you may need to change the version from php7.2,
+depending on your system.
#### Install modules for HTTP -> HTTPS, and SSL
@@ -126,11 +145,13 @@ Please note that you may need to change the version from php7.2, depending on yo
Open `assets/wordpress.apache2.conf` and customize for your system.
-Save this file as _wordpress.conf_ and put it in `/etc/apache2/sites-available`. To make it active, issue this command:
+Save this file as _wordpress.conf_ and put it in
+`/etc/apache2/sites-available`. To make it active, issue this command:
`$ sudo a2ensite wordpress && sudo systemctl reload apache2`
-You may also wish to remove the default `000-default.conf` apache2 configuration with this:
+You may also wish to remove the default `000-default.conf` apache2
+configuration with this:
`$ sudo a2dissite 000-default`
@@ -138,26 +159,42 @@ Now reload apache2:
`$ sudo systemctl reload apache2`
-Now visiting `_domain.com_` in your browser should bring you to the location where WordPress will soon be. Don't worry that you have an error at this time. Move on to "Install Wordpress"
+Now visiting `_domain.com_` in your browser should bring you to the
+location where WordPress will soon be. Don't worry that you have an
+error at this time. Move on to "Install Wordpress"
## Configure nginx
-The nginx webiste has several suggestions for configuring a WordPress site. Please visit https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ or https://wordpress.org/support/article/nginx/ for recommendations. Or use the nginx conf file in `assets/wordpress.nginx.site`.
+The nginx webiste has several suggestions for configuring a WordPress
+site. Please visit
+https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
+or https://wordpress.org/support/article/nginx/ for recommendations.
+Or use the nginx conf file in `assets/wordpress.nginx.site`.
-1. Copy `assets/wordpress.nginx.site` to your server as `/etc/nginx/sites-available/wordpress.site`
+1. Copy `assets/wordpress.nginx.site` to your server as
+`/etc/nginx/sites-available/wordpress.site`
-2. Edit the file to specify the path to your SSL certificate, your `server_name` (ex. _domain.com_), and make any other changes you want to make.
+2. Edit the file to specify the path to your SSL certificate, your
+`server_name` (ex. _domain.com_), and make any other changes you want
+to make.
-3. Activate the config with `$ sudo ln -s /etc/nginx/sites-available/wordpress.site /etc/nginx/sites-enabled/wordpress.site`
+3. Activate the config with:
-4. Restart nginx with `$ sudo systemctl restart nginx`
+`$ sudo ln -s /etc/nginx/sites-available/wordpress.site /etc/nginx/sites-enabled/wordpress.site`
-Now visiting `_domain.com_` in your browser will bring you to the location where WordPress will soon be. Don't worry that you have an error at this time. Move on to "Install Wordpress"
+4. Restart nginx with:
+
+`$ sudo systemctl restart nginx`
+
+Now visiting `_domain.com_` in your browser will bring you to the
+location where WordPress will soon be. Don't worry that you have an
+error at this time. Move on to "Install Wordpress"
## Install WordPress
-You are recommended to follow the official Wordpress instructions at https://wordpress.org/support/article/how-to-install-wordpress/
+You are recommended to follow the official Wordpress instructions at
+https://wordpress.org/support/article/how-to-install-wordpress/
Alternatively, instructions follow:
@@ -183,7 +220,8 @@ Set permissions and ownership:
`$ sudo mysql_secure_installation`
-You will be prompted to accept some security defaults, and to set the root password. Make sure to write this down.
+You will be prompted to accept some security defaults, and to set the
+root password. Make sure to write this down.
2. Create the WordPress database and user
@@ -201,7 +239,9 @@ c. Create the user to use the _wordpress_ database:
`MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "somepassword";`
-Please note that you should choose a secure password instead of "somepassword". You will need to remember this password later when installing WordPress.
+Please note that you should choose a secure password instead of
+"somepassword". You will need to remember this password later when
+installing WordPress.
d. Flush Privileges
@@ -215,41 +255,68 @@ e. quit
`$ sudo cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php`
-Now open your favorite text editor and edit `/var/www/wordpress/wp-config.php`. Change the values for the `database_name_here`, `username_here`, and `password_here` to match the values you created in mariaDB.
+Now open your favorite text editor and edit
+`/var/www/wordpress/wp-config.php`. Change the values for the
+`database_name_here`, `username_here`, and `password_here` to match
+the values you created in mariaDB.
Save this file and exit.
## Test the WordPress installation
-At this point, you should have an Apache2 web server, using a LetsEncrypt certificate, pointing to a WordPress installation on your server.
+At this point, you should have an Apache2 web server, using a
+LetsEncrypt certificate, pointing to a WordPress installation on your
+server.
-If everything is correct, you should be able to open a web browser to _domain.com_ (or a local IP address if you are not using a public IP) and see a default WordPress site. If you do not see this, please troubleshoot by looking back over the instructions above. They have been tested on a Debian 10 system.
+If everything is correct, you should be able to open a web browser to
+_domain.com_ (or a local IP address if you are not using a public IP)
+and see a default WordPress site. If you do not see this, please
+troubleshoot by looking back over the instructions above. They have
+been tested on a Debian 10 system.
-If you do see Wordpress, please configure your Wordpress site and proceed to the next step when complete.
+If you do see Wordpress, please configure your Wordpress site and
+proceed to the next step when complete.
-Note that if you are using a self-signed certiticate, you can expect to see an error in your browser as your browser will not recognize the certificate. This is expected for self-signed certificates.
+Note that if you are using a self-signed certiticate, you can expect
+to see an error in your browser as your browser will not recognize the
+certificate. This is expected for self-signed certificates.
## Install WooCommerce plugin
-The WooCommerce project recommends Automatic Installation using the WordPress dashboard. Those steps can be found here: https://docs.woocommerce.com/document/installation-2/ or here: https://wordpress.org/plugins/woocommerce/#installation
+The WooCommerce project recommends Automatic Installation using the
+WordPress dashboard. Those steps can be found here:
+https://docs.woocommerce.com/document/installation-2/ or here:
+https://wordpress.org/plugins/woocommerce/#installation
-Because manual installation (via command line) still requires the user to log into the WordPress admin interface to "Activate" the WooCommerce plugin, this document will not detail how to install WooCommerce using the command line. Please follow the recommended GUI-based instructions above.
+Because manual installation (via command line) still requires the user
+to log into the WordPress admin interface to "Activate" the
+WooCommerce plugin, this document will not detail how to install
+WooCommerce using the command line. Please follow the recommended
+GUI-based instructions above.
Continue through the WooCommerce installation wizard.
-Note: for this demonstration, the "Storefront" theme has been selected to replace the default WordPress theme.
+Note: for this demonstration, the "Storefront" theme has been selected
+to replace the default WordPress theme.
## Install and Configure the GNU Taler Payment Gateway for WooCommerce plugin
-If you are reading this file outside of the `woocommerce-taler` Git respository, you can get the most recent version of the GNU Taler Payment Gateway for WooCommerce plugin by cloning the correct repo:
+If you are reading this file outside of the `woocommerce-taler` Git
+respository, you can get the most recent version of the GNU Taler
+Payment Gateway for WooCommerce plugin by cloning the correct repo:
`$ git clone https://git.taler.net/woocommerce-taler.git`
-The plugin itself is in the `plugin/GNU-Taler-Payment-Gateway/` directory. More information about the plugin can be found in the `plugin/README.md` file and it is released under the GNU GENERAL PUBLIC LICENSE.
+The plugin itself is in the `plugin/GNU-Taler-Payment-Gateway/`
+directory. More information about the plugin can be found in the
+`plugin/README.md` file and it is released under the GNU GENERAL
+PUBLIC LICENSE.
### Install the Plugin in WordPress
-1. Copy the `GNU-Taler-Payment-Gateway/` directory to `/var/www/wordpress/wp-content/plugins` on your WordPress/WooCommerce server.
+1. Copy the `GNU-Taler-Payment-Gateway/` directory to
+`/var/www/wordpress/wp-content/plugins` on your WordPress/WooCommerce
+server.
Make sure to re-set directory ownership and permissions if necessary:
@@ -257,13 +324,21 @@ Make sure to re-set directory ownership and permissions if necessary:
`$ sudo chmod -R 755 /var/www/wordpress/wp-content/plugins/GNU-Taler-Payment-Gateway/`
-2. Log into your WordPress site at `<your-site>/wp-admin` and navigate to the `Plugins` page; activate the `GNU Taler Payment Gateway for WooCommerce` plugin on this page.
+2. Log into your WordPress site at `<your-site>/wp-admin` and navigate
+to the `Plugins` page; activate the `GNU Taler Payment Gateway for
+WooCommerce` plugin on this page.
-3. In the WordPress main menu, navigate to `WooCommerce` -> `Settings` and then click the `Payments` tab. Locate the `GNU Taler Gateway` entry and click the `Set up` button to configure the plugin.
+3. In the WordPress main menu, navigate to `WooCommerce` -> `Settings`
+and then click the `Payments` tab. Locate the `GNU Taler Gateway`
+entry and click the `Set up` button to configure the plugin.
### Configure the GNU Taler Payment Gateway
-Edit the fields on this page to match your GNU Taler back-end. To complete this configuration, you will need a GNU Taler merchant account. If you have not signed up for a merchant account, please contact your Taler server systems administrator for authorization in the form of an API key.
+Edit the fields on this page to match your GNU Taler back-end. To
+complete this configuration, you will need a GNU Taler merchant
+account. If you have not signed up for a merchant account, please
+contact your Taler server systems administrator for authorization in
+the form of an API key.
`Enable/Disable` - Enable or disable the GNU Taler Payment option
`Title` - This is what the customer will see when choosing payment methods.
@@ -284,7 +359,8 @@ If you are using the Taler demo, you must add the KUDOS currency to WooCommerce
2. Under `Snippets` in the WordPress GUI, choose "Add New`
-3. Add the following code (fromthe WooCommerce docs: https://docs.woocommerce.com/document/add-a-custom-currency-symbol/)
+3. Add the following code (fromthe WooCommerce docs:
+https://docs.woocommerce.com/document/add-a-custom-currency-symbol/)
```
/**
@@ -315,8 +391,13 @@ function add_my_currency_symbol( $currency_symbol, $currency ) {
## Final Steps
-Now all you need is to add a product. Navigate to `https://_domain.com_/wp-admin` to see your WordPress dashboard. In the left-side menu, choose `Products` > `Add New` to add a new product, including setting the price in KUDOS.
+Now all you need is to add a product. Navigate to
+`https://_domain.com_/wp-admin` to see your WordPress dashboard. In
+the left-side menu, choose `Products` > `Add New` to add a new
+product, including setting the price in KUDOS.
+
+When done, `Publish` your page and now all users who visit
+`https://_domain.com` should be able to buy your new product using GNU
+Taler, assuming they have a Taler wallet installed.
-When done, `Publish` your page and now all users who visit `https://_domain.com` should be able to buy your new product using GNU Taler, assuming they have a Taler wallet installed.
-**NOTE: Tested but did not work. See https://bugs.gnunet.org/view.php?id=6144#c15545**
diff --git a/server-build/my-simple-cdd/README b/server-build/my-simple-cdd/README
index e06f254..2cc2043 100644
--- a/server-build/my-simple-cdd/README
+++ b/server-build/my-simple-cdd/README
@@ -8,7 +8,8 @@ specifications.
Dependencies:
=============
-* qemu
+* debian-archive-keyring
+* qemu, qemu-system, qemu-kvm
* xorriso
* bsdtar
* simple-cdd
@@ -30,13 +31,30 @@ $ ./setup-system.sh
to run the Debian installer to create the 'talerwoo.img'.
+Before booting, make sure that your system is setup to
+route packages and performs NAT for the VM (otherwise
+the installation script that runs on first startup
+will fail):
+
+$ sudo echo 1 > /proc/sys/net/ipv4/ip_forward
+$ sudo iptables -t nat -A POSTROUTING -o wlp3s0 -j MASQUERADE
+
Finally, boot the final image using:
$ ./run-system.sh
+The root password will be set to "wootaler" initially.
+
+Upon first boot, you need to wait for a bit for the systemd
+service firstboot-wootaler.service to complete. You may
+want to check the logs:
+
+# journalctl -u firstboot-wootaler.service
+
+If the script fails due to say network errors, you
+should be able to simply re-run it using:
-Bugs:
-=====
+# firstboot-script.sh
-This is work in progress, the actual WooCommerce and Taler setup is still
-missing!!!
+(it will also re-run on each boot until it has
+succeeded).
diff --git a/server-build/my-simple-cdd/README.md b/server-build/my-simple-cdd/README.md
deleted file mode 100644
index a25d846..0000000
--- a/server-build/my-simple-cdd/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# README.md for using simple-cdd for WooTaler
-
-NOTE: Halted due to Debian Bug #956958
-
-Steps
-
-1 - Install simple-cdd and dependencies
-
-2 - mkdir ~/my-simple-cdd
-
-3 - cp profiles/ directory from repo
-
-4 - `~$ build-simple-cdd --verbose --profiles wootaler`
diff --git a/server-build/my-simple-cdd/make-iso.sh b/server-build/my-simple-cdd/make-iso.sh
index 31763bf..f24c6fe 100755
--- a/server-build/my-simple-cdd/make-iso.sh
+++ b/server-build/my-simple-cdd/make-iso.sh
@@ -9,12 +9,9 @@
# kernel parameters. Badly documented!).
# What does not yet work:
-# - Debian installer STILL asks for _one_ of the language options
-# (likely kernel parameter name wrong / outdated)
# - Debian installer asks for the 'wootaler' profile.
# (not sure which option to set in profiles/wootaler.preseed,
# or if using 'profiles' is the wrong approach entirely here)
-# - disk partitioning fails badly
set -eu
@@ -22,7 +19,7 @@ set -eu
export KERNEL_PARAMS="preseed/file=/cdrom/simple-cdd/default.preseed locale=en_US.UTF-8 keymap=us language=en country=US"
-build-simple-cdd --verbose --profiles wootaler --auto-profiles wootaler
+build-simple-cdd --verbose --profiles wootaler --auto-profiles wootaler --dist buster
# Use shell variable, in case the above changes in the future...
IMG=images/debian-10-amd64-CD-1.iso
diff --git a/server-build/my-simple-cdd/profiles/reclaim.packages b/server-build/my-simple-cdd/profiles/reclaim.packages
index 34ea1e0..42c551a 100644
--- a/server-build/my-simple-cdd/profiles/reclaim.packages
+++ b/server-build/my-simple-cdd/profiles/reclaim.packages
@@ -18,7 +18,7 @@ pkgconf
libltdl-dev
zlib1g-dev
libsodium-dev
-python3.4
+python3.8
texi2html
texinfo
-gnunet //??? 0.13.1?
+gnunet
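Review bot: `python3.8` is not, as far as I know, a package in Debian 10 (buster), which ships `python3.7`, and `make-iso.sh` in this same commit now builds with `--dist buster`, so the profile would name a package the mirror cannot supply. Suggest `python3` (or `python3.7`) so the list follows the release's default interpreter. Whether simple-cdd aborts or silently drops an unavailable package is not visible here, so it is worth confirming that the package actually lands on the ISO.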
diff --git a/server-build/my-simple-cdd/profiles/wootaler.postinst b/server-build/my-simple-cdd/profiles/wootaler.postinst
index 0b8f04b..8887fb9 100755
--- a/server-build/my-simple-cdd/profiles/wootaler.postinst
+++ b/server-build/my-simple-cdd/profiles/wootaler.postinst
@@ -20,10 +20,24 @@ cat > /usr/local/bin/firstboot-script.sh <<EOF
set -eu
+echo "Giving system time to complete setup"
+sleep 60
+
echo "## Launching WooCommerce-Taler installation ##"
-cd /tmp
-git clone git://git.taler.net/woocommerce-taler.git
+cd /root
+if test -x woocommerce-taler
+then
+ echo "already exists, skipping"
+else
+ git clone git://git.taler.net/woocommerce-taler.git
+fi
+if test -x gnu-taler-payment-for-woocommerce
+then
+ echo "already exists, skipping"
+else
+ git clone git://git.taler.net/gnu-taler-payment-for-woocommerce.git
+fi
# Get the necessary scripts
yes | tr y '\n' | woocommerce-taler/server-build/QEMU-autobuild/buildWooTalerServer.sh
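Review bot: Both added `git clone` lines fetch over `git://`, which is unauthenticated and unencrypted, and the cloned `build*.sh` scripts are then executed by this first-boot service (apparently as root), so the code that provisions the machine is not integrity-protected in transit. The build instructions in this same commit already use `https://git.taler.net/woocommerce-taler.git`; use that form here too, `git clone https://git.taler.net/woocommerce-taler.git` (and the same for the second repository, assuming the server offers it over HTTPS), ideally followed by a checkout of a pinned commit or signed tag. Separately, `test -x` only checks that the name is executable or searchable, so a clone that was interrupted (for example by a reboot) can leave a partial directory that every later run skips; cloning into a temporary name and renaming it on success would make the retry on next boot reliable. The heredoc that contains these lines starts outside the hunk.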
@@ -32,9 +46,6 @@ yes | tr y '\n' | woocommerce-taler/server-build/QEMU-autobuild/buildWebstore.sh
yes | tr y '\n' | woocommerce-taler/server-build/QEMU-autobuild/buildReclaim.sh
-# Clean up
-# rm -rf /tmp/woocommerce-taler.git
-
# Remove self from boot sequence
rm /etc/systemd/system/firstboot-wootaler.service