gnunet-svn
[taler-exchange] branch master updated: fix #6769, plus some related con


From: gnunet
Subject: [taler-exchange] branch master updated: fix #6769, plus some related configuration issues and better documentation
Date: Sun, 18 Apr 2021 02:21:06 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 294730cf fix #6769, plus some related configuration issues and better 
documentation
294730cf is described below

commit 294730cf014e3ce74f16d886516e8fc02df3bd18
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Apr 18 02:21:03 2021 +0200

    fix #6769, plus some related configuration issues and better documentation
---
 debian/changelog                    |  6 ++++++
 debian/etc/taler-exchange.conf      | 28 +++++++++++++++++++---------
 debian/etc/taler-wire.conf          |  4 ++--
 debian/taler-exchange.README.Debian | 18 +++++++++++-------
 debian/taler-exchange.postinst      | 29 +++++++++++++++++++++++++----
 debian/taler-exchange.postrm        |  1 +
 src/exchange/taler-exchange-httpd.c |  6 ++++--
 7 files changed, 68 insertions(+), 24 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 84d399c1..f2c8d98d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+taler-exchange (0.9.0-9) unstable; urgency=low
+
+  * Fix #6769: have systemd create exchange UNIX domain socket with nice 
permissions.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Sun, 18 Apr 2021 13:02:10 +0100
+
 taler-exchange (0.9.0-8) unstable; urgency=low
 
   * Fix minor memory leak.
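Review bot: "nice permissions" in the new changelog entry does not tell an administrator what actually changed; naming the result (socket owned by the exchange user, group www-data, mode 0660, created by a systemd socket unit) would make the entry useful on upgrade. The entry also omits the other user-visible changes in this commit: the secmod services now read /etc/taler-secmod.conf, and MASTER_PUBLIC_KEY was added to taler-exchange.conf.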
diff --git a/debian/etc/taler-exchange.conf b/debian/etc/taler-exchange.conf
index b9eba165..34af223d 100644
--- a/debian/etc/taler-exchange.conf
+++ b/debian/etc/taler-exchange.conf
@@ -1,8 +1,12 @@
-# First line should be: "INLINE@ /etc/taler-exchange-db.conf"
-@INLINE@ /etc/taler-exchange-db.conf
+# First line should be: "INLINE@ taler-exchange-db.conf"
+# 2nd   line should be: "INLINE@ taler-secmod.conf"
+@INLINE@ taler-exchange-db.conf
+@INLINE@ taler-secmod.conf
 # Do not edit this file using 'taler-config', otherwise the line
 # above will be lost!
-
+#
+# Please read the taler-exchange.README.Debian for how to configure a Taler 
exchange.
+#
 
 [PATHS]
 
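Review bot: the retained warning "otherwise the line above will be lost" is stale now that the file starts with two @INLINE@ directives; it should say "lines above". The two new comments also spell the directive as "INLINE@" without the leading "@", so someone restoring the lines from the comment would not reproduce them exactly. Since the path changes from absolute to relative, a short remark on which directory it is resolved against would help.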
@@ -19,10 +23,16 @@ UNIXPATH = /var/lib/taler-exchange/exchange.sock
 # Only supported database is Postgres right now.
 DATABASE = postgres
 
-[taler]
-# Here you need to set the currency of your exchange:
-# CURRENCY = KUDOS
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
 
-[coin_FOO]
-# You must specify the various denominations to be offered by your exchange
-# in sections called "coin_".
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document.  The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
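Review bot: the commented example for MASTER_PUBLIC_KEY looks like a real key, so an operator who uncomments that line instead of filling in the empty assignment below it would configure a master key they do not control. An obviously invalid placeholder would be safer than a plausible value, and the comment should name the section the option belongs to, since the README refers to ``[exchange]`` but no section header is visible next to the option. The [taler] section and its CURRENCY hint are removed without a pointer to where the currency is set now; a one-line reference to /etc/taler-secmod.conf would cover that.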
diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf
index 02c5993f..d0484381 100644
--- a/debian/etc/taler-wire.conf
+++ b/debian/etc/taler-wire.conf
@@ -1,5 +1,5 @@
-# First line should be: "INLINE@ /etc/taler-exchange-db.conf"
-@INLINE@ /etc/taler-exchange-db.conf
+# First line should be: "INLINE@ taler-exchange-db.conf"
+@INLINE@ taler-exchange-db.conf
 # Do not edit this file using 'taler-config', otherwise the line
 # above will be lost!
 
diff --git a/debian/taler-exchange.README.Debian 
b/debian/taler-exchange.README.Debian
index def3ddc9..cce5d9ff 100644
--- a/debian/taler-exchange.README.Debian
+++ b/debian/taler-exchange.README.Debian
@@ -6,10 +6,14 @@ exchange with this minimal template. You must:
 
 * Configure the Postgres database for the exchange, ideally including
   remote replication of the database to the auditor.
-* Run taler-exchange-dbinit (also after package upgrades).
-* Edit /etc/taler-exchange.conf to must setup the currency and denominations
+* Run `taler-exchange-dbinit` (also after package upgrades).
+* Edit ``/etc/taler-secmod.conf`` to must setup the currency and denominations
   details.
-* Edit /etc/taler-wire.conf to provide details about the bank account access.
+* Edit `/etc/taler-wire.conf` to provide details about the bank account access.
+* Run `taler-exchange-offline setup` on your offline system and add
+  the resulting master public key into the ``[exchange]`` section of
+  ``/etc/taler-exchange.conf`` under ``MASTER_PUBLIC_KEY``.
+
 
 None of these are done by the Debian package because we cannot provide the
 required complete configuration details.
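Review bot: the rewritten bullet for /etc/taler-secmod.conf keeps the broken wording "to must setup" and uses double backticks, while the neighbouring bullets changed in this hunk use single backticks; pick one quoting style and fix the sentence while touching the line. The second blank line added after the MASTER_PUBLIC_KEY bullet looks unintended. It would also help to say that the master public key is not secret, so that copying it from the offline system is not mistaken for moving key material online.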
@@ -18,13 +22,13 @@ required complete configuration details.
 Once you have done this, you can use the following commands to start, stop or
 restart the Taler exchange:
 
-  # systemctl start taler-exchange
-  # systemctl stop taler-exchange
-  # systemctl restart taler-exchange
+  # systemctl start taler-exchange-httpd.service
+  # systemctl stop taler-exchange-httpd.service
+  # systemctl restart taler-exchange-httpd.service
 
 To permanently the exchange whenever the system boots, use:
 
-  # systemctl enable taler-exchange
+  # systemctl enable taler-exchange-httpd
 
 
  -- Christian Grothoff <grothoff@gnu.org>  Mon 28 Dec 2020 11:37:14 AM CET
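Review bot: the start, stop and restart lines now carry the .service suffix but the enable line does not; use one form throughout. The README also never mentions the new taler-exchange-httpd.socket unit, which has its own [Install] section (WantedBy=sockets.target): either document enabling it or state that it is pulled in through Requires= of the service. The unchanged sentence "To permanently the exchange whenever the system boots" is missing its verb and could be fixed in the same edit.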
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index b09550e5..72f8f6c5 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -101,11 +101,29 @@ TALER_AGGRUSER=${_AGGRUSERNAME}
 TALER_GROUP=${_GROUPNAME}
 EOF
 
+cat > "/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
+[Unit]
+Description=Taler Exchange Socket
+PartOf=taler-exchange-httpd.service
+
+[Socket]
+ListenStream=/var/lib/taler-exchange/exchange.sock
+Accept=no
+Service=taler-exchange-httpd.service
+SocketUser=${_EUSERNAME}
+SocketGroup=www-data
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+EOF
+
 cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange REST API
-Requires=taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
-Wants=taler-exchange-wirewatch taler-exchange-aggregator 
taler-exchange-transfer
+AssertPathExists=/var/lib/taler-exchange/
+Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service 
taler-exchange-secmod-eddsa.service
+Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service 
taler-exchange-transfer.service
 After=postgres.service network.target
 
 [Service]
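Review bot: ListenStream= hard-codes /var/lib/taler-exchange/exchange.sock, the same value taler-exchange.conf sets as UNIXPATH, so the two can drift apart if an operator edits only one of them; a comment in both places, or deriving one from the other, would prevent that. SocketGroup=www-data is likewise fixed while SocketUser comes from a variable: with SocketMode=0660 every process in group www-data can connect and a reverse proxy running under another group cannot, so this deserves a variable or a sentence in the README.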
@@ -131,7 +149,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-secmod.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
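Review bot: the ExecStart change makes the RSA security module depend on /etc/taler-secmod.conf, which this commit sets to root:${_GROUPNAME} with mode 640, so the unit only starts if ${_RSECUSERNAME} is a member of that group. Please confirm the group membership is set up earlier in the postinst; the same applies to ${_ESECUSERNAME} in the EdDSA unit below. Because the secmod units no longer read taler-exchange.conf, any option they previously picked up from that file must now be present in taler-secmod.conf.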
@@ -146,7 +164,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_ESECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-secmod.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
@@ -213,6 +231,8 @@ EOF
         chmod 770 /var/lib/taler-exchange/tmp
         chmod +s /var/lib/taler-exchange/tmp
 
+        chown root:${_GROUPNAME} /etc/taler-secmod.conf
+        chmod 640 /etc/taler-secmod.conf
         chown ${_WIREUSERNAME}:root /etc/taler-wire.conf
         chmod 460 /etc/taler-wire.conf
         chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf
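Review bot: the new chown and chmod operate on /etc/taler-secmod.conf, but the diffstat of this commit does not add that file; please confirm the package already installs it, otherwise these two commands fail during configuration. Mode 640 with group ${_GROUPNAME} lets every account in that group read the file, which is presumably what the @INLINE@ in taler-exchange.conf needs, and a comment saying so would explain why it is wider than the DB config. The unchanged "chmod 460 /etc/taler-wire.conf" directly below denies write to the owner while granting it to group root, which looks unintended and is worth checking while here.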
@@ -222,6 +242,7 @@ EOF
 
         systemctl daemon-reload >/dev/null 2>&1  || true
 
+
         echo "done."
 
                # Cleaning
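Review bot: the only change in this hunk is a second empty line after the daemon-reload call; it can be dropped.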
diff --git a/debian/taler-exchange.postrm b/debian/taler-exchange.postrm
index 8a5a007b..5cefa5bc 100644
--- a/debian/taler-exchange.postrm
+++ b/debian/taler-exchange.postrm
@@ -57,6 +57,7 @@ case "${1}" in
                fi
 
                rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange 
/etc/default/taler-exchange
+        rm -f /etc/taler-wire.conf /etc/taler-exchange-db.conf 
/etc/taler-exchange.conf
                ;;
 
        remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
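Review bot: the new rm -f on purge leaves /etc/taler-secmod.conf behind, although the postinst in this commit treats it as a package-managed file (chown, chmod); add it to the list. The generated /etc/systemd/system/taler-exchange-httpd.socket should also be removed here if the other generated unit files are cleaned up in this script. The added line is indented with spaces while its neighbours are indented deeper with a different whitespace style, so it should be aligned with the rm -rf above it.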
diff --git a/src/exchange/taler-exchange-httpd.c 
b/src/exchange/taler-exchange-httpd.c
index 917b686e..a0e9de8a 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -1729,8 +1729,8 @@ main (int argc,
     if ( (-1 == flags) &&
          (EBADF == errno) )
     {
-      fprintf (stderr,
-               "Bad listen socket passed, ignored\n");
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Bad listen socket passed, ignored\n");
       fh = -1;
     }
     flags |= FD_CLOEXEC;
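Review bot: in the EBADF branch the message is now logged at ERROR level but still says "ignored", and execution continues with fh = -1 into "flags |= FD_CLOEXEC" while flags is -1. With the socket unit introduced in this commit, a bad inherited descriptor means the permissions from SocketUser, SocketGroup and SocketMode are not in effect, so if the daemon goes on to create its own listener it would be safer to exit with an error here than to continue. At a minimum, skip the FD_CLOEXEC handling when fh is -1.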
@@ -1740,6 +1740,8 @@ main (int argc,
                       flags)) )
       GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
                            "fcntl");
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Successfully obtained listen socket from hypervisor\n");
   }
 
   /* initialize #internal_key_state with an RC of 1 */
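Review bot: the new INFO message is emitted unconditionally at the end of the block, so "Successfully obtained listen socket" is logged even right after the "fcntl" error above it and, following the previous hunk, even when fh was reset to -1 for a bad socket. Guard it with a check that fh is valid and the fcntl call succeeded. "hypervisor" is also misleading in this context; the descriptor is inherited from the parent process, which with this commit is systemd.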

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


