
[taler-sandcastle-ng] branch master updated (09b5039 -> ab33237)


From: gnunet
Subject: [taler-sandcastle-ng] branch master updated (09b5039 -> ab33237)
Date: Mon, 02 Dec 2024 23:11:11 +0100

This is an automated email from the git hooks/post-receive script.

dold pushed a change to branch master
in repository sandcastle-ng.

    from 09b5039  bump tags
     new 96f7841  config split, tweaks
     new ab33237  config, tags

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 buildconfig/exchange.tag         |   2 +-
 scripts/demo/setup-sandcastle.sh | 145 +++++++++++++++++----------------------
 2 files changed, 65 insertions(+), 82 deletions(-)

diff --git a/buildconfig/exchange.tag b/buildconfig/exchange.tag
index 77c2692..e55754e 100644
--- a/buildconfig/exchange.tag
+++ b/buildconfig/exchange.tag
@@ -1 +1 @@
-v0.14.1-dev.12
+v0.14.1-dev.14
diff --git a/scripts/demo/setup-sandcastle.sh b/scripts/demo/setup-sandcastle.sh
index 77e8856..038aea0 100755
--- a/scripts/demo/setup-sandcastle.sh
+++ b/scripts/demo/setup-sandcastle.sh
@@ -99,48 +99,30 @@ systemctl reset-failed
 # postgres DB directory
 
 function lift_dir() {
-  src=$1
-  target=$2
+  where=$1
+  src=$2
+  target=$3
   if [[ -L $src ]]; then
     # be idempotent
     echo "$src is already a symlink"
-  elif [[ -d /talerdata/$target ]]; then
-    echo "symlinking existing /talerdata/$target"
+  elif [[ -d /$where/$target ]]; then
+    echo "symlinking existing /$where/$target"
     rm -rf "$src"
-    ln -s "/talerdata/$target" "$src"
+    ln -s "/$where/$target" "$src"
   else
-    echo "symlinking new /talerdata/$target"
-    mv "$src" "/talerdata/$target"
-    ln -s "/talerdata/$target" "$src"
+    echo "symlinking new /$where/$target"
+    mv "$src" "/$where/$target"
+    ln -s "/$where/$target" "$src"
   fi
 }
 
-function persist_exchange_key() {
-  src=$1
-  target=$2
-  if [[ -L $src ]]; then
-    # be idempotent
-    echo "$src is already a symlink"
-  elif [[ -d /talerdata_persistent/$target ]]; then
-    echo "symlinking existing /talerdata_persistent/$target"
-    rm -rf "$src"
-    ln -s "/talerdata_persistent/$target" "$src"
-    # if the directory is empty then we want to attempt to
-    # move the keys over from the main data dir.
-    # we check for an empty dir using "ls -A"
-  elif [[ -z "$(ls -A /talerdata_persistent/$target)" ]]; then
-    echo "symlinking new /talerdata_persistent/$target"
-    mv "/talerdata/var-lib-taler/$target" "/talerdata_persistent/"
-    ln -s "/talerdata_persistent/$target" "$src"
-  fi
-}
-
-lift_dir /var/lib/taler var-lib-taler
-lift_dir /etc/taler etc-taler
-lift_dir /etc/libeufin etc-libeufin
-lift_dir /etc/taler etc-challenger
-lift_dir /var/lib/postgresql var-lib-postgresql
-persist_exchange_key /var/lib/taler/exchange-offline exchange-offline
+lift_dir talerdata /var/lib/taler-exchange var-lib-taler-exchange
+lift_dir talerdata /etc/taler-merchant etc-taler-merchant
+lift_dir talerdata /etc/taler-exchange etc-taler-exchange
+lift_dir talerdata /etc/taler-exchange etc-taler-auditor
+lift_dir talerdata /etc/libeufin etc-libeufin
+lift_dir talerdata /var/lib/postgresql var-lib-postgresql
+lift_dir talerdata_persistent /var/lib/taler-exchange/offline exchange-offline
 
 # We need to adjust file ownership, as the container might have different user 
and group
 # IDs than the volume. That can happen when the packages in the container are 
installed
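Review bot: The call `lift_dir talerdata /etc/taler-exchange etc-taler-auditor` passes the exchange directory as its source, which the call just before it will normally have turned into a symlink already, so it only reaches the "already a symlink" branch and `/etc/taler-auditor` is never moved to the volume; if the auditor configuration is meant to persist, this should probably read `lift_dir talerdata /etc/taler-auditor etc-taler-auditor`. Separately, now that the offline key directory goes through the generic `lift_dir`, the `rm -rf "$src"` branch discards whatever is in `/var/lib/taler-exchange/offline` whenever `/talerdata_persistent/exchange-offline` exists, even if that directory is empty; a guard that refuses to delete a non-empty source when the target is empty would protect the master key material. `where`, `src` and `target` are assigned as globals and would be better declared with `local`.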
@@ -148,14 +130,15 @@ persist_exchange_key /var/lib/taler/exchange-offline 
exchange-offline
 # This is only relevant for non-root ownership.
 
 chown taler-exchange-offline:taler-exchange-offline 
/talerdata_persistent/exchange-offline
-chown --recursive taler-exchange-offline:taler-exchange-offline 
/var/lib/taler/exchange-offline/* || true
+chown --recursive taler-exchange-offline:taler-exchange-offline 
/var/lib/taler-exchange/offline/* || true
+
+chown --recursive taler-exchange-secmod-cs:taler-exchange-secmod 
/var/lib/taler-exchange/secmod-cs
+chown --recursive taler-exchange-secmod-rsa:taler-exchange-secmod 
/var/lib/taler-exchange/secmod-rsa
+chown --recursive taler-exchange-secmod-eddsa:taler-exchange-secmod 
/var/lib/taler-exchange/secmod-eddsa
 
-chown --recursive taler-exchange-secmod-cs:taler-exchange-secmod 
/var/lib/taler/exchange-secmod-cs
-chown --recursive taler-exchange-secmod-rsa:taler-exchange-secmod 
/var/lib/taler/exchange-secmod-rsa
-chown --recursive taler-exchange-secmod-eddsa:taler-exchange-secmod 
/var/lib/taler/exchange-secmod-eddsa
+chown root:taler-exchange-db 
/etc/taler-exchange/secrets/exchange-db.secret.conf
 
-chown root:taler-exchange-db /etc/taler/secrets/auditor-db.secret.conf
-chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-auditor-httpd 
/etc/taler-auditor/secrets/auditor-db.secret.conf
 
 # FIXME: More permissions to adjust!
 
@@ -188,11 +171,11 @@ cat <<EOF >/etc/caddy/Caddyfile
 # are reverse-proxied to serve on a TCP port.
 
 :$PORT_INTERNAL_EXCHANGE {
-  reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
+  reverse_proxy unix//run/taler-exchange/httpd/exchange-http.sock
 }
 
 :$PORT_INTERNAL_MERCHANT {
-  reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock {
+  reverse_proxy unix//run/taler-merchant/httpd/merchant-http.sock {
     # Set this, or otherwise wrong taler://pay URIs will be generated.
     header_up X-Forwarded-Proto "https"
   }
@@ -205,7 +188,7 @@ cat <<EOF >/etc/caddy/Caddyfile
 }
 
 :$PORT_INTERNAL_AUDITOR {
-  reverse_proxy unix//run/taler/auditor-httpd/auditor-http.sock
+  reverse_proxy unix//run/taler-auditor/httpd/auditor-http.sock
 }
 
 :$PORT_INTERNAL_CHALLENGER {
@@ -246,12 +229,12 @@ https://$BANK_DOMAIN {
 
 https://$EXCHANGE_DOMAIN {
   tls internal
-  reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
+  reverse_proxy unix//run/taler-exchange/httpd/exchange-http.sock
 }
 
 https://$MERCHANT_DOMAIN {
   tls internal
-  reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock {
+  reverse_proxy unix//run/taler-merchant/httpd/merchant-http.sock {
     # Set this, or otherwise wrong taler://pay URIs will be generated.
     header_up X-Forwarded-Proto "https"
   }
@@ -259,7 +242,7 @@ https://$MERCHANT_DOMAIN {
 
 https://$AUDITOR_DOMAIN {
   tls internal
-  reverse_proxy unix//run/taler/auditor-httpd/auditor-http.sock
+  reverse_proxy unix//run/taler-auditor/httpd/auditor-http.sock
 }
 
 https://$CHALLENGER_DOMAIN {
@@ -281,18 +264,18 @@ http://$BANK_DOMAIN$PORT_SUFFIX {
 }
 
 http://$EXCHANGE_DOMAIN$PORT_SUFFIX {
-  reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
+  reverse_proxy unix//run/taler-exchange/httpd/exchange-http.sock
 }
 
 http://$MERCHANT_DOMAIN$PORT_SUFFIX {
-  reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock {
+  reverse_proxy unix//run/taler-exchange/httpd/merchant-http.sock {
     # Set this, or otherwise wrong taler://pay URIs will be generated.
     header_up X-Forwarded-Proto "https"
   }
 }
 
 http://$AUDITOR_DOMAIN$PORT_SUFFIX {
-  reverse_proxy unix//run/taler/auditor-httpd/auditor-http.sock
+  reverse_proxy unix//run/taler-auditor/httpd/auditor-http.sock
 }
 
 http://$CHALLENGER_DOMAIN$PORT_SUFFIX {
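Review bot: The plain-HTTP merchant block proxies to `unix//run/taler-exchange/httpd/merchant-http.sock`, while the other two merchant blocks changed in this commit use `unix//run/taler-merchant/httpd/merchant-http.sock`; this looks like a copy-paste slip that would leave `http://$MERCHANT_DOMAIN$PORT_SUFFIX` pointing at a socket path that presumably does not exist. The line should read `reverse_proxy unix//run/taler-merchant/httpd/merchant-http.sock {`. The enclosing Caddyfile heredoc starts and ends outside this hunk.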
@@ -468,14 +451,8 @@ taler-harness deployment provision-bank-account 
"${BANK_BASEURL}" \
 
 MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline 
-LDEBUG setup)
 
-EXCHANGE_DB=talerexchange
-
-# Generate /etc/taler/conf.d/setup.conf
-cat <<EOF >/etc/taler/conf.d/setup.conf
-[taler]
-CURRENCY = $CURRENCY
-CURRENCY_ROUND_UNIT = $CURRENCY:0.01
-
+# Generate /tmp/sandcastle-setup.conf
+cat <<EOF >/tmp/sandcastle-setup.conf
 [currency-$CURRENCY]
 ENABLED = YES
 name = "${NAME:=Kudos}"
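Review bot: The shared currency section is now written to the fixed path `/tmp/sandcastle-setup.conf`, a predictable name in a world-writable directory, and the file is left behind after the `cp` calls in the following hunk. Writing straight to the first destination avoids the temporary file: `cat <<EOF >/etc/taler-exchange/conf.d/sandcastle-setup.conf` followed by `cp /etc/taler-exchange/conf.d/sandcastle-setup.conf /etc/taler-merchant/conf.d/sandcastle-setup.conf`. If a scratch file is still wanted, `mktemp` with a cleanup `trap` is the usual form. The heredoc opened here is closed in the next hunk.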
@@ -486,8 +463,16 @@ fractional_normal_digits = ${FRACTIONALS:=2}
 fractional_trailing_zero_digits = ${FRACTIONALS:=2}
 is_currency_name_leading = NO
 alt_unit_names = {"0":"${ALT_UNIT_NAME:=ク}"}
+EOF
 
+cp /tmp/sandcastle-setup.conf /etc/taler-exchange/conf.d/sandcastle-setup.conf
+cp /tmp/sandcastle-setup.conf /etc/taler-merchant/conf.d/sandcastle-setup.conf
+
+
+cat <<EOF >/etc/taler-exchange/conf.d/sandcastle-exchange.conf
 [exchange]
+CURRENCY = $CURRENCY
+CURRENCY_ROUND_UNIT = $CURRENCY:0.01
 AML_THRESHOLD = $CURRENCY:1000000
 MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY
 BASE_URL = $PROTO://$EXCHANGE_DOMAIN$PORT_SUFFIX/
@@ -505,7 +490,7 @@ EOF
 
 if [[ ${ENABLE_KYC:-0} == 1 ]]; then
   # KYC config
-  cat <<EOF >/etc/taler/conf.d/sandcastle-kyc.conf
+  cat <<EOF >/etc/taler-exchange/conf.d/sandcastle-kyc.conf
 [exchange]
 enable_kyc = yes
 
@@ -578,17 +563,12 @@ KYC_OAUTH2_CONVERTER_HELPER = 
taler-exchange-kyc-oauth2-challenger.sh
 EOF
 
 else
-  rm -f /etc/taler/conf.d/sandcastle-kyc.conf
+  rm -f /etc/taler-exchange/conf.d/sandcastle-kyc.conf
 fi
 
-cat <<EOF >/etc/taler/secrets/exchange-db.secret.conf
-[exchangedb-postgres]
-CONFIG=postgres:///${EXCHANGE_DB}
-EOF
-chmod 440 /etc/taler/secrets/exchange-db.secret.conf
-chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db 
/etc/taler-exchange/secrets/exchange-db.secret.conf
 
-cat <<EOF >/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+cat <<EOF 
>/etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf
 [exchange-accountcredentials-default]
 WIRE_GATEWAY_URL = 
$PROTO://$BANK_DOMAIN$PORT_SUFFIX/accounts/exchange/taler-wire-gateway/
 WIRE_GATEWAY_AUTH_METHOD = basic
@@ -596,17 +576,15 @@ USERNAME = exchange
 PASSWORD = $(get_credential_pw bank/exchange)
 EOF
 
-# Allow group read for the auditor
-chmod 440 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
-chown taler-exchange-wire:taler-exchange-db 
/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db 
/etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf
 
-if [[ ! -e /etc/taler/conf.d/$CURRENCY-coins.conf ]]; then
+if [[ ! -e /etc/taler-exchange/conf.d/sandcastle-$CURRENCY-coins.conf ]]; then
   # Only create if necessary, as each [COIN-...] section
   # has a unique name with a timestamp.
   taler-harness deployment gen-coin-config \
     --min-amount "${CURRENCY}:0.01" \
     --max-amount "${CURRENCY}:100" \
-    >"/etc/taler/conf.d/$CURRENCY-coins.conf"
+    >"/etc/taler-exchange/conf.d/sandcastle-$CURRENCY-coins.conf"
 fi
 
 # Add auditor user to DB group *before* running taler-exchange-dbconfig,
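Review bot: With the `chmod 440` dropped, nothing visible in the diff restricts the mode of `/etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf`, which holds the bank password written by the heredoc that starts in the previous hunk; on a fresh volume the redirection creates the file with the process umask, which may leave it world-readable. Unless the package or an earlier `umask` guarantees the mode, keep `chmod 440 /etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf` before the `chown`. The previous hunk likewise keeps only the `chown` for `exchange-db.secret.conf`, so that file's mode now depends on how the package ships it, and the `chown` duplicates the one added earlier in the script.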
@@ -616,8 +594,8 @@ usermod taler-auditor-httpd -aG taler-exchange-db
 echo "Initializing exchange database"
 taler-exchange-dbconfig
 
-taler-terms-generator -K -i /usr/share/taler/terms/exchange-tos-v0
-taler-terms-generator -K -i /usr/share/taler/terms/exchange-pp-v0
+taler-terms-generator -K -i /usr/share/taler-exchange/terms/exchange-tos-v0
+taler-terms-generator -K -i /usr/share/taler-exchange/terms/exchange-pp-v0
 
 systemctl enable --now taler-exchange.target
 
@@ -626,7 +604,7 @@ taler-harness deployment wait-endpoint 
$PROTO://$EXCHANGE_DOMAIN$PORT_SUFFIX/man
 
 sudo -i -u taler-exchange-offline \
   taler-exchange-offline \
-  -c /etc/taler/taler.conf \
+  -c /etc/taler-exchange/taler-exchange.conf \
   download \
   sign \
   upload
@@ -644,16 +622,18 @@ systemctl enable --now taler-exchange-offline.timer
 # Set up exchange auditor
 #
 
+# Make sandcastle exchange config available to auditor
+cp /etc/taler-exchange/conf.d/sandcastle-exchange.conf 
/etc/taler-auditor/conf.d/sandcastle-exchange.conf
+
 # We run the offline tooling as root, maybe in the future there should be
 # a separate user created by the Debian package for that.
 AUDITOR_PUB=$(taler-auditor-offline setup)
 
-cat <<EOF >/etc/taler/conf.d/auditor.conf
+cat <<EOF >/etc/taler-auditor/conf.d/sandcastle-auditor.conf
 [auditor]
 PUBLIC_KEY = $AUDITOR_PUB
 EOF
 
-
 taler-auditor-dbconfig
 
 systemctl enable --now taler-auditor.target
@@ -663,21 +643,22 @@ systemctl enable --now taler-auditor.target
 
 MERCHANT_DB=talermerchant
 
-cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf
+cat <<EOF >/etc/taler-merchant/secrets/merchant-db.secret.conf
 [merchantdb-postgres]
 CONFIG=postgres:///${MERCHANT_DB}
 EOF
 
-chmod 440 /etc/taler/secrets/merchant-db.secret.conf
-chown taler-merchant-httpd:root /etc/taler/secrets/merchant-db.secret.conf
+chmod 440 /etc/taler-merchant/secrets/merchant-db.secret.conf
+chown taler-merchant-httpd:root 
/etc/taler-merchant/secrets/merchant-db.secret.conf
 
 taler-merchant-dbconfig
 
 # The config shipped with the package can conflict with the
 # trusted sandcastle exchange if the currency is KUDOS.
-rm -f /usr/share/taler/config.d/kudos.conf
+rm -f /usr/share/taler-exchange/config.d/kudos.conf
+rm -f /usr/share/taler-merchant/config.d/kudos.conf
 
-cat <<EOF >/etc/taler/conf.d/merchant-exchanges.conf
+cat <<EOF >/etc/taler-merchant/conf.d/sandcastle-merchant-exchanges.conf
 [merchant-exchange-sandcastle]
 EXCHANGE_BASE_URL = $PROTO://$EXCHANGE_DOMAIN$PORT_SUFFIX/
 MASTER_KEY = $MASTER_PUBLIC_KEY
@@ -758,6 +739,8 @@ taler-harness deployment provision-merchant-instance \
   --id sandbox \
   --payto "payto://iban/$MERCHANT_IBAN_SANDBOX?receiver-name=Sandbox+Merchant"
 
+mkdir /etc/taler
+
 # Now we set up the taler-merchant-demos
 
 cat <<EOF >/etc/taler/taler-merchant-frontends.conf
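Review bot: `mkdir /etc/taler` fails when the directory already exists, for example on a second run of the script or if a package still ships it, which is at odds with the idempotent handling in `lift_dir`; `mkdir -p /etc/taler` avoids that. Note also that `/etc/taler` is no longer passed to `lift_dir`, so the `taler-merchant-frontends.conf` written below will presumably not live on the data volume; if that is intended, a short comment saying so would help. The heredoc that follows continues outside this hunk.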

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


