[taler-merchant] branch master updated: improving Debian package (untest
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: improving Debian package (untested) |
Date: |
Fri, 01 Jan 2021 20:43:33 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new bfbbb5f8 improving Debian package (untested)
bfbbb5f8 is described below
commit bfbbb5f8182fa668a992fadd504e43daa31962a4
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Jan 1 20:43:30 2021 +0100
improving Debian package (untested)
---
debian/conf/apache.conf | 8 ++
debian/conf/nginx.conf | 19 +++++
debian/control | 3 +
debian/db/install/pgsql | 2 +
debian/db/upgrade/pgsql | 2 +
debian/etc/taler-merchant.conf | 8 ++
debian/taler-merchant.README.Debian | 15 +++-
debian/taler-merchant.config | 7 +-
debian/taler-merchant.install | 4 +
debian/taler-merchant.postinst | 152 +++++++++++++++++++++++++++++++++++-
debian/taler-merchant.postrm | 62 ++++++++++++++-
debian/taler-merchant.prerm | 18 +++++
debian/taler-merchant.templates | 28 ++++++-
src/backend/merchant.conf | 16 ++++
14 files changed, 332 insertions(+), 12 deletions(-)
diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
new file mode 100644
index 00000000..e25d54c7
--- /dev/null
+++ b/debian/conf/apache.conf
@@ -0,0 +1,8 @@
+<Location "/taler-merchant/">
+RewriteEngine On
+RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
+RewriteRule "(.+)/private/" "-" [F]
+
+ProxyPass "unix:/var/lib/taler-merchant/merchant.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
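Review bot: The Apache check does not enforce the same credential as the nginx config in this commit: `RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"` compares the whole header with the bare token (and, as far as I can tell, with the space after `=` included), whereas nginx.conf expects `ApiKey %SECURITYTOKEN%`. A client that sends the value nginx accepts would be refused here, so I would write the condition as `RewriteCond "%{HTTP:Authorization}" "!=ApiKey %SECURITYTOKEN%"`. Apache's mod_rewrite documentation also describes rewrite rules inside `<Location>` as unsupported, so the `[F]` rule guarding `/private/` should be tested against a real request before it is relied on as the only access control. A comment that `example.com` in `ProxyPass` is a placeholder to be replaced would help the admin.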
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
new file mode 100644
index 00000000..a57a2e19
--- /dev/null
+++ b/debian/conf/nginx.conf
@@ -0,0 +1,19 @@
+location ~ /taler-merchant/private/ {
+ if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
+ return 401;
+ }
+ proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+}
+
+location /taler-merchant/ {
+ proxy_pass http://unix:/var/lib/taler-merchant/merchant.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+
+}
\ No newline at end of file
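Review bot: The key comparison in `if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%")` is an unanchored, case-insensitive regex, so any header value that merely contains the string is accepted and the key itself is matched without regard to case. Anchoring the pattern and limiting case-insensitivity to the scheme name keeps the check exact: `if ($http_authorization !~ "^(?i:ApiKey) %SECURITYTOKEN%$")`. Since the deployed copy of this file holds the substituted key, a leading comment such as `# Contains the merchant API key after installation; keep this file readable by root and the web server only.` would be worth adding.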
diff --git a/debian/control b/debian/control
index 4e5c0335..2086184c 100644
--- a/debian/control
+++ b/debian/control
@@ -42,6 +42,9 @@ Depends:
adduser,
lsb-base,
netbase,
+ apache2 | nginx | httpd,
+ postgresql,
+ dbconfig-pgsql | dbconfig-no-thanks,
${misc:Depends},
${shlibs:Depends}
Description: GNU's payment system merchant backend.
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
new file mode 100644
index 00000000..f15429b0
--- /dev/null
+++ b/debian/db/install/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-merchant-dbinit -c /etc/taler-merchant.conf
diff --git a/debian/db/upgrade/pgsql b/debian/db/upgrade/pgsql
new file mode 100644
index 00000000..f15429b0
--- /dev/null
+++ b/debian/db/upgrade/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-merchant-dbinit -c /etc/taler-merchant.conf
diff --git a/debian/etc/taler-merchant.conf b/debian/etc/taler-merchant.conf
new file mode 100644
index 00000000..ef4c1f52
--- /dev/null
+++ b/debian/etc/taler-merchant.conf
@@ -0,0 +1,8 @@
+[taler]
+# Note: change this to the currency you will use!
+CURRENCY = KUDOS
+
+[merchant]
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-merchant/merchant.sock
+DATABASE = postgres
diff --git a/debian/taler-merchant.README.Debian
b/debian/taler-merchant.README.Debian
index 3098670c..4020d42b 100644
--- a/debian/taler-merchant.README.Debian
+++ b/debian/taler-merchant.README.Debian
@@ -1,6 +1,19 @@
taler-merchant
--------------
-TBD.
+This package is a backend to be used by merchants that
+want to accept GNU Taler payments.
+
+This package is integrated with Apache or Nginx, automatically
+deploying a configuration for the backend to the respective
+Web server at the "/taler-merchant/" endpoint.
+
+To access the priviledged parts of the Taler backend, you need to provide the
+API KEY in an HTTP "Authorization" header. This Debian package creates a
+random API KEY and stores it in plaintext in
+"/var/lib/taler-merchant/master-api-key.txt." You can change the key by
+editing the respective Web server's configuration. The "master-api-key.txt"
+file is not actually required and provided for convenience.
+
-- Christian Grothoff <grothoff@gnu.org> Fri 01 Jan 2021 11:37:14 AM CET
diff --git a/debian/taler-merchant.config b/debian/taler-merchant.config
index 16ea1fee..3115a407 100644
--- a/debian/taler-merchant.config
+++ b/debian/taler-merchant.config
@@ -4,7 +4,10 @@ set -e
. /usr/share/debconf/confmodule
-db_input medium taler-exchange/autostart || true
-db_go
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/config.pgsql
+ dbc_go taler-merchant "$@"
+fi
+
db_stop
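Review bot: Nothing in this script asks the questions that the new templates define: the hunk drops the old `db_input`/`db_go` pair and adds none for `taler-merchant/reconfigure-webserver`, `taler-merchant/username` or `taler-merchant/groupname`. postinst reads all three with `db_get`, so as far as the hunk shows it would only ever see template defaults, and the multiselect has no `Default:`, which leaves the web server loop with nothing to configure. I would add `db_input high taler-merchant/reconfigure-webserver || true` (and the other two at a lower priority) followed by `db_go || true` before `db_stop`. The start of the script is outside the hunk.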
diff --git a/debian/taler-merchant.install b/debian/taler-merchant.install
index 4a24865a..162c7304 100644
--- a/debian/taler-merchant.install
+++ b/debian/taler-merchant.install
@@ -1,2 +1,6 @@
usr/bin/
usr/lib/*/taler/*.so
+debian/conf/* etc/taler-merchant/
+debian/etc/taler-merchant.conf /etc/taler-merchant.conf
+debian/db/install/* usr/share/dbconfig-common/scripts/taler-merchant/install/
+debian/db/upgrade/* usr/share/dbconfig-common/scripts/taler-merchant/upgrade/
diff --git a/debian/taler-merchant.postinst b/debian/taler-merchant.postinst
index 5cc1a6ad..baa291f6 100644
--- a/debian/taler-merchant.postinst
+++ b/debian/taler-merchant.postinst
@@ -2,15 +2,163 @@
set -e
+# Set permissions for sqlite3 file
+# (for when we support sqlite3 in the future)
+dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}"
+dbc_dbfile_perms="0600"
+
+
+# 1st argument will be the SECURITYTOKEN to use.
+apache_install() {
+ mkdir -p /etc/apache2/conf-available
+ if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ];
+ then
+ cat /etc/taler-merchant/apache.conf | sed -e
"s/%SECURITYTOKEN%/$1/" > /etc/apache2/conf-available/taler-merchant.conf
+ fi
+ # TODO: might want to remember if *we* enabled those, and disable in postrm
+ a2enmod proxy
+ a2enmod proxy_http
+ a2enmod headers
+ a2enmod rewrite
+}
+
+# 1st argument will be the SECURITYTOKEN to use.
+nginx_install() {
+ mkdir -p /etc/nginx/conf-available
+ if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ];
+ then
+ cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/"
> /etc/nginx/conf-available/taler-merchant.conf
+ fi
+}
+
. /usr/share/debconf/confmodule
+
case "${1}" in
configure)
db_version 2.0
- db_get taler-merchant/autostart
- _AUTOSTART="${RET}" # boolean
+ db_get taler-merchant/username
+ _USERNAME="${RET:-taler-merchant-httpd}"
+
+ db_get taler-merchant/groupname
+ _GROUPNAME="${RET:-www-data}"
+
+ # Read default values
+ TALER_HOME="/var/lib/taler-merchant"
+
+ # Creating taler group if needed
+ if ! getent group ${_GROUPNAME} > /dev/null
+ then
+ echo -n "Creating new Taler group ${_GROUPNAME}:"
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+ # Creating taler users if needed
+ if ! getent passwd ${_USERNAME} > /dev/null
+ then
+ echo -n "Creating new Taler user ${_USERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home
${TALER_HOME}/httpd ${_USERNAME}
+ echo " done."
+ fi
+
+ # Create access secret
+ SECRET=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1`
+ echo SECRET > ${TALER_HOME}/master-api-key.txt
+ chown ${_USERNAME}:${_GROUPNAME} ${TALER_HOME}/master-api-key.txt
+ chmod 440 ${TALER_HOME}/master-api-key.txt
+
+ # Writing new values to configuration file
+ echo -n "Writing new configuration file:"
+ CONFIG_NEW=$(tempfile)
+
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the Taler init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure taler-merchant'.
+
+TALER_USER=${_USERNAME}
+TALER_GROUP=${_GROUPNAME}
+EOF
+
+
+cat > "/etc/systemd/system/taler-merchant-httpd.service" <<EOF
+[Unit]
+Description=GNU Taler payment system merchant backend
+
+[Service]
+EnvironmentFile=/etc/default/taler-merchant
+User=${_USERNAME}
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler-merchant.conf
+EOF
+
+ systemctl daemon-reload
+
+ cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+ echo " done."
+
+ # Setup postgres database (needs dbconfig-pgsql package)
+ if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/postinst.pgsql
+ dbc_pgsql_createdb_encoding="UTF8"
+ dbc_go taler-merchant "$@"
+ fi
+
+ # get database settings from dbconfig-common
+ if [ -f /etc/dbconfig-common/taler-merchant.conf ]; then
+ . /etc/dbconfig-common/taler-merchant.conf
+ case "$dbc_dbtype" in
+ pgsql)
+ taler-config -c /etc/taler-merchant.conf \
+ -s "merchantdb-postgres" \
+ -o "CONFIG" \
+ -V
"postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname"
+ taler-config -c /etc/taler-merchant.conf \
+ -s "merchant" \
+ -o "DB" \
+ -V "postgres"
+ ;;
+ sqlite3)
+ # Later: use something like:
+ # sqlite:///$DATA_DIR/merchant.db
+ # But for now, sqlite is unsupported:
+ echo "Unsupported database type $dbc_type."
+ exit 1
+ ;;
+ "")
+ ;;
+ *)
+ echo "Unsupported database type $dbc_type."
+ exit 1
+ ;;
+ esac
+ fi
+
+ # Configure Webserver
+ db_get taler-merchant/reconfigure-webserver
+ webservers="$RET"
+ for webserver in $webservers; do
+ webserver=${webserver%,}
+ if [ "$webserver" = "nginx" ] ; then
+ nginx_install "$SECRET"
+ else
+ apache_install "$SECRET"
+ fi
+ if [ -f /etc/init.d/$webserver ] ; then
+ if which invoke-rc.d > /dev/null ; then
+ if invoke-rc.d $webserver status >
/dev/null 2>&1 ; then
+ invoke-rc.d $webserver reload
3>/dev/null || true
+ fi
+ else
+ if /etc/init.d/$webserver status >
/dev/null 2>&1 ; then
+ /etc/init.d/$webserver reload
3>/dev/null || true
+ fi
+ fi
+ fi
+ done
db_stop
# Cleaning
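Review bot: The key file never receives the generated key: `echo SECRET > ${TALER_HOME}/master-api-key.txt` writes the literal word SECRET because the `$` is missing, while the web server templates are filled with the real `$SECRET`. The file is also created under the default umask and only restricted by the later `chmod 440`, and a new key is generated on every `configure` run although `apache_install`/`nginx_install` skip an existing web server config, so after an upgrade the file and the enforced token would differ. I would generate the key once under `umask 077`, reuse it on later runs and quote the expansions, as sketched below. Separately, `nginx_install` tests `/etc/apache2/conf-available/taler-merchant.conf` instead of the nginx path, and the database password passed with `taler-config -V "postgres://…"` appears on the command line and ends up in `/etc/taler-merchant.conf`, whose permissions this hunk does not restrict. The `configure)` branch continues past the end of the hunk.

```shell
    # … unchanged: group and user creation …

    # Create the access secret once and keep it across upgrades, so the key
    # file stays in sync with the web server configuration written later.
    KEYFILE="${TALER_HOME}/master-api-key.txt"
    if [ ! -s "${KEYFILE}" ]; then
        (
            # Never let the key exist on disk with default permissions.
            umask 077
            tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > "${KEYFILE}"
        )
        chown "${_USERNAME}:${_GROUPNAME}" "${KEYFILE}"
        chmod 440 "${KEYFILE}"
    fi
    SECRET=$(cat "${KEYFILE}")

    # … unchanged: configuration file and systemd unit generation …
```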
diff --git a/debian/taler-merchant.postrm b/debian/taler-merchant.postrm
index 2564dff2..2cf6a941 100644
--- a/debian/taler-merchant.postrm
+++ b/debian/taler-merchant.postrm
@@ -15,18 +15,74 @@ pathfind() {
return 1
}
+apache_remove() {
+ if [ diff /etc/taler-merchant/apache.conf
/etc/apache2/conf-available/taler-merchant.conf >/dev/null 2>&1 ];
+ then
+ rm -f /etc/apache2/conf-available/taler-merchant.conf
+ fi
+}
+
+nginx_remove() {
+ if [ diff /etc/taler-exchange/nginx.conf
/etc/apache2/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
+ then
+ rm -f /etc/nginx/conf-available/taler-merchant.conf
+ fi
+}
+
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+fi
+
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+ dbc_go taler-merchant "$@"
+fi
+
+
+if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
+ if [ -f /usr/share/debconf/confmodule ]; then
+ db_version 2.0
+ db_get taler-merchant/reconfigure-webserver
+ webservers="$RET"
+ for webserver in $webservers; do
+ webserver=${webserver%,}
+ if [ "$webserver" = "nginx" ] ; then
+ nginx_remove
+ else
+ apache_remove
+ fi
+ done
+ fi
+fi
+
case "${1}" in
purge)
- if [ -e /usr/share/debconf/confmodule ]
+ if [ -e /usr/share/debconf/confmodule ]
then
. /usr/share/debconf/confmodule
db_version 2.0
+
+ db_get taler-merchant/username
+ _USERNAME="${RET:-taler-merchant-httpd}"
+
+ db_get taler-merchant/groupname
+ _GROUPNAME="${RET:-taler-merchant-httpd}"
else
+ _USERNAME="taler-merchant-httpd"
+ _GROUPNAME="taler-merchant-httpd"
fi
- ;;
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ if pathfind deluser
+ then
+ deluser --quiet --system ${_USERNAME} || true
+ fi
+ if pathfind delgroup
+ then
+ delgroup --quiet --system --only-if-empty ${_GROUPNAME}
|| true
+ fi
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
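Review bot: Neither `apache_remove` nor `nginx_remove` can ever delete the deployed file, so the web server config holding the API key survives both remove and purge. `[ diff A B ]` hands the word `diff` and two paths to `test` instead of running diff, and even a real diff against the template would report a difference because postinst replaced `%SECURITYTOKEN%`; `nginx_remove` additionally compares `taler-exchange` and `/etc/apache2` paths. I would drop the comparison and test for the file itself, e.g. `if [ -f /etc/nginx/conf-available/taler-merchant.conf ]; then`, and likewise for Apache. The purge branch also falls back to group `taler-merchant-httpd` although the template default is `www-data`, and as far as this hunk shows it leaves `/var/lib/taler-merchant/master-api-key.txt` behind. The `case` statement continues past the hunk.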
diff --git a/debian/taler-merchant.prerm b/debian/taler-merchant.prerm
new file mode 100644
index 00000000..84d4c486
--- /dev/null
+++ b/debian/taler-merchant.prerm
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+fi
+. /usr/share/dbconfig-common/dpkg/prerm
+
+if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/prerm.pgsql
+ dbc_go taler-merchant "$@"
+fi
+
+
+db_stop
+exit 0
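Review bot: The unguarded `. /usr/share/dbconfig-common/dpkg/prerm` runs under `set -e`, so on a system where that file is absent the prerm aborts and the package cannot be removed; debian/control in this commit allows `dbconfig-no-thanks` as an alternative, which makes that case plausible. The guarded `prerm.pgsql` block directly below looks sufficient, so I would delete the unguarded line. `db_stop` is likewise called unconditionally although confmodule is only sourced when present; moving it into the first `if`, or writing `db_stop || true`, would keep removal from failing there.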
diff --git a/debian/taler-merchant.templates b/debian/taler-merchant.templates
index 36b9e5f0..9f000393 100644
--- a/debian/taler-merchant.templates
+++ b/debian/taler-merchant.templates
@@ -1,4 +1,24 @@
-Template: taler-merchant/autostart
-Type: boolean
-Default: true
-_Description: Should the Taler merchant be launched on boot?
+Template: taler-merchant/reconfigure-webserver
+Type: multiselect
+Choices: apache2, lighttpd, nginx
+_Description: Web server to reconfigure automatically:
+ Please choose the web server that should be automatically configured
+ as a frontend for taler-merchant-httpd.
+
+
+Template: taler-merchant/username
+Type: string
+Default: taler-merchant-httpd
+_Description: Taler user:
+ Please choose the user that the taler-merchant-httpd process will run as.
+ .
+ This should be a dedicated account. If the specified account does not
+ already exist, it will automatically be created, with no login shell.
+
+Template: taler-merchant/groupname
+Type: string
+Default: www-data
+_Description: Taler group:
+ Please choose the group that the taler-merchant-httpd will run as.
+ .
+ This should be the same group that the Web server is in.
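Review bot: Defaulting `taler-merchant/groupname` to `www-data` widens who can read the master API key: postinst in this commit chowns `master-api-key.txt` to this group and sets it to `chmod 440`, so every process running in the web server's group can read it. The description should say so, for example by adding `Members of this group can read the merchant API key file.` to the extended description, or the key file should be made owner-only. The `reconfigure-webserver` choices also offer `lighttpd`, but postinst treats every value other than `nginx` as Apache, so that choice would install an Apache config; I would remove it from `Choices:` until a handler exists.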
diff --git a/src/backend/merchant.conf b/src/backend/merchant.conf
index e43e406f..951246c5 100644
--- a/src/backend/merchant.conf
+++ b/src/backend/merchant.conf
@@ -53,3 +53,19 @@ WIRE_TRANSFER_DELAY = 3 week
# proposal be valid?
DEFAULT_PAY_DEADLINE = 1 day
+
+
+# Trust Taler project for "KUDOS" currency so that demos work out-of-the-box
+[merchant-exchange-kudos]
+EXCHANGE_BASE_URL = https://exchange.demo.taler.net/
+MASTER_KEY = FH1Y8ZMHCTPQ0YFSZECDH8C9407JR3YN0MF1706PTG24Q4NEWGV0
+# If currency does not match [TALER] section, the exchange
+# will be ignored!
+CURRENCY = KUDOS
+
+[merchant-auditor-kudos]
+AUDITOR_BASE_URL = https://auditor.demo.taler.net/
+AUDITOR_KEY = DSDASDXAMDAARMNAD53ZA4AFAHA2QADAMAHHASWDAWXN84SDAA11
+# If currency does not match [TALER] section, the auditor
+# will be ignored!
+CURRENCY = KUDOS
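Review bot: These two sections put trust in the demo exchange and auditor into the base configuration, and the Debian default added in this commit sets `CURRENCY = KUDOS`, so a fresh install trusts them until the admin changes the currency. The existing comment explains why the entries exist but not what an operator has to do; I would add `# Demo only: remove both [merchant-*-kudos] sections before accepting real payments.` above `[merchant-exchange-kudos]`. The `AUDITOR_KEY` value looks like a placeholder rather than a real public key (judging only by its shape), which would deserve a `# FIXME` if that is the case.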
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.