[taler-exchange] branch master updated: debian: rundir service

[gnunet]

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 63590bb3 debian: rundir service
63590bb3 is described below

commit 63590bb350d2c42f629e5ce56735ce1365b97f82
Author: Florian Dold <florian@dold.me>
AuthorDate: Mon Jul 26 23:37:13 2021 +0200

    debian: rundir service
---
 debian/etc/taler/exchange-system.conf                     |  7 ++++---
 debian/taler-exchange.taler-exchange-httpd.service        |  3 +--
 debian/taler-exchange.taler-exchange-rundir.service       | 14 ++++++++++++++
 debian/taler-exchange.taler-exchange-secmod-eddsa.service |  1 +
 debian/taler-exchange.taler-exchange-secmod-rsa.service   |  1 +
 5 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/debian/etc/taler/exchange-system.conf 
b/debian/etc/taler/exchange-system.conf
index bdf53fce..2b7f3430 100644
--- a/debian/etc/taler/exchange-system.conf
+++ b/debian/etc/taler/exchange-system.conf
@@ -6,14 +6,15 @@
 
 [PATHS]
 
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+TALER_RUNTIME_DIR = /run/taler-exchange-private
 
 
 [exchange]
 # Debian package is configured to use a reverse proxy with a UNIX
 # domain socket. See nginx/apache configuration files.
+#
+# FIXME: This should be set to something like "NONE"
+# since systemd creates the socket for us.
 SERVE = UNIX
 UNIXPATH = /var/lib/taler-exchange/exchange.sock
 
diff --git a/debian/taler-exchange.taler-exchange-httpd.service 
b/debian/taler-exchange.taler-exchange-httpd.service
index 3bfc895d..6b902da6 100644
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange REST API
-AssertPathExists=/var/lib/taler-exchange/
-Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service 
taler-exchange-secmod-eddsa.service
+Requires=taler-exchange-rundir.service taler-exchange-httpd.socket 
taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
 Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service 
taler-exchange-transfer.service
 After=postgres.service network.target
 
diff --git a/debian/taler-exchange.taler-exchange-rundir.service 
b/debian/taler-exchange.taler-exchange-rundir.service
new file mode 100644
index 00000000..c4239294
--- /dev/null
+++ b/debian/taler-exchange.taler-exchange-rundir.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Private runtime directory for the GNU Taler exchange
+
+[Service]
+# We just want to create the run directory
+Type=oneshot
+RuntimeDirectory=taler-exchange-private
+User=root
+Group=taler-exchange-private
+ExecStart=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service 
b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
index 569aaed8..a6e59f6a 100644
--- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange EdDSA security module
+Requires=taler-exchange-rundir.service
 
 [Service]
 User=taler-exchange-secmod-eddsa
diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service 
b/debian/taler-exchange.taler-exchange-secmod-rsa.service
index fa1c263a..b0c6d414 100644
--- a/debian/taler-exchange.taler-exchange-secmod-rsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=GNU Taler payment system exchange RSA security module
+Requires=taler-exchange-rundir.service
 
 [Service]
 User=taler-exchange-secmod-rsa

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.