
[taler-sandcastle-ng] branch master updated (41afbc0 -> f8c6c08)


From: gnunet
Subject: [taler-sandcastle-ng] branch master updated (41afbc0 -> f8c6c08)
Date: Fri, 23 Aug 2024 16:47:49 +0200

This is an automated email from the git hooks/post-receive script.

dold pushed a change to branch master
in repository sandcastle-ng.

    from 41afbc0  bump
     new bbffcde  challenger integration WIP
     new f8c6c08  challenger ports

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 Dockerfile                                      | 22 ++++++++++++++
 buildconfig/challenger.tag                      |  1 +
 data/sandcastle-challenger-auth                 |  5 ++++
 host/container-taler-sandcastle-kyctest.service |  1 +
 print-latest-versions                           |  1 +
 sandcastle-run                                  |  5 ++++
 scripts/demo/setup-sandcastle.sh                | 38 +++++++++++++++++++++++++
 7 files changed, 73 insertions(+)
 create mode 100644 buildconfig/challenger.tag
 create mode 100755 data/sandcastle-challenger-auth

diff --git a/Dockerfile b/Dockerfile
index 8de4f24..52557a8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -129,6 +129,27 @@ RUN rm -rf /build
 RUN apt-get install --no-install-recommends -y /packages/merchant/*.deb
 WORKDIR /
 
+# Challenger
+FROM exchange as challenger
+
+COPY buildconfig/challenger.* /buildconfig/
+WORKDIR /build
+RUN TAG=$(cat /buildconfig/challenger.tag) && \
+  git clone git://git.taler.net/challenger \
+  --branch $TAG && \
+  cd challenger && git checkout $(cat /buildconfig/challenger.checkout)
+WORKDIR /build/challenger
+RUN ./bootstrap && \
+    ./configure --prefix=/usr \
+               --disable-doc
+RUN dpkg-buildpackage -rfakeroot -b -uc -us
+WORKDIR /
+RUN mkdir -p /packages/challenger
+RUN mv /build/*.deb /packages/challenger
+RUN rm -rf /build
+RUN apt-get install --no-install-recommends -y /packages/challenger/*.deb
+WORKDIR /
+
 # Libeufin
 FROM base-system as libeufin
 
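Review bot: The `git checkout $(cat /buildconfig/challenger.checkout)` step in the new challenger stage depends on a file this commit does not add; the diffstat creates only `buildconfig/challenger.tag`. If `challenger.checkout` is absent or empty at build time (it may be generated elsewhere), the substitution expands to nothing and a bare `git checkout` succeeds. The image is then built from whatever the mutable tag points to, fetched over unauthenticated `git://`. Failing closed would make the pin real, for example `test -s /buildconfig/challenger.checkout && git checkout "$(cat /buildconfig/challenger.checkout)"`, and `--branch "$TAG"` should be quoted as well.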
@@ -242,6 +263,7 @@ COPY --from=merchant /packages/merchant/* /packages/
 COPY --from=wallet /packages/wallet/* /packages/
 COPY --from=libeufin /packages/libeufin/* /packages/
 COPY --from=merchant-demos /packages/merchant-demos/* /packages/
+COPY --from=challenger /packages/challenger/* /packages/
 RUN apt-get install --no-install-recommends -y /packages/*.deb
 COPY systemd/setup-sandcastle.service /etc/systemd/system/
 RUN systemctl enable setup-sandcastle.service
diff --git a/buildconfig/challenger.tag b/buildconfig/challenger.tag
new file mode 100644
index 0000000..10c3fe3
--- /dev/null
+++ b/buildconfig/challenger.tag
@@ -0,0 +1 @@
+v0.12.1-dev.9
diff --git a/data/sandcastle-challenger-auth b/data/sandcastle-challenger-auth
new file mode 100755
index 0000000..de80db8
--- /dev/null
+++ b/data/sandcastle-challenger-auth
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+mkdir -p /tmp/challenges/
+
+exec cat >/tmp/challenges/$1
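Review bot: `exec cat >/tmp/challenges/$1` uses the first argument unquoted as a file name, so a value containing `/` or `..` writes outside `/tmp/challenges/`, and one with whitespace makes the redirect ambiguous. The argument is presumably the address the challenge is sent to (the script is wired up as `AUTH_COMMAND` in setup-sandcastle.sh), which would make it user-influenced. The directory is also created with the default umask under world-writable `/tmp`, so the challenge text may be readable by other local users. I would validate the name, tighten the umask and quote the target, as below.

```shell
set -eu
addr=${1:?usage: sandcastle-challenger-auth ADDRESS}
# Refuse anything that could leave /tmp/challenges/.
case "$addr" in
  */* | . | ..) echo "refusing address with a path component" >&2; exit 1 ;;
esac
umask 077
mkdir -p /tmp/challenges/
exec cat >"/tmp/challenges/$addr"
```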
diff --git a/host/container-taler-sandcastle-kyctest.service 
b/host/container-taler-sandcastle-kyctest.service
index 27e94d2..fd60c0f 100644
--- a/host/container-taler-sandcastle-kyctest.service
+++ b/host/container-taler-sandcastle-kyctest.service
@@ -16,6 +16,7 @@ Environment=SANDCASTLE_PORT_DONATIONS=127.0.0.1:16403
 Environment=SANDCASTLE_PORT_LANDING=127.0.0.1:16405
 Environment=SANDCASTLE_PORT_LIBEUFIN_BANK=127.0.0.1:16407
 Environment=SANDCASTLE_PORT_BANK_SPA=127.0.0.1:16409
+Environment=SANDCASTLE_PORT_CHALLENGER=127.0.0.1:16410
 Restart=on-failure
 TimeoutStopSec=70
 ExecStart=/home/taler-kyctest/sandcastle-ng/sandcastle-run
diff --git a/print-latest-versions b/print-latest-versions
index f60129a..8bc6901 100755
--- a/print-latest-versions
+++ b/print-latest-versions
@@ -19,3 +19,4 @@ getver libeufin git://git.taler.net/libeufin
 getver wallet git://git.taler.net/wallet-core
 getver gnunet git://git.gnunet.org/gnunet
 getver sync git://git.taler.net/sync
+getver challenger git://git.taler.net/challenger
diff --git a/sandcastle-run b/sandcastle-run
index 39d84ee..21233e0 100755
--- a/sandcastle-run
+++ b/sandcastle-run
@@ -11,6 +11,7 @@ 
SANDCASTLE_PORT_DONATIONS=${SANDCASTLE_PORT_DONATIONS:-127.0.0.1:16003}
 SANDCASTLE_PORT_LANDING=${SANDCASTLE_PORT_LANDING:-127.0.0.1:16005}
 SANDCASTLE_PORT_LIBEUFIN_BANK=${SANDCASTLE_PORT_LIBEUFIN_BANK:-127.0.0.1:16007}
 SANDCASTLE_PORT_BANK_SPA=${SANDCASTLE_PORT_BANK_SPA:-127.0.0.1:16009}
+SANDCASTLE_PORT_CHALLENGER=${SANDCASTLE_PORT_BANK_SPA:-127.0.0.1:16010}
 
 # Container-internal ports, should by synced with scripts/setup-sandcastle.sh
 PORT_INTERNAL_EXCHANGE=8201
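Review bot: The default on the added line reads the wrong variable: `SANDCASTLE_PORT_CHALLENGER=${SANDCASTLE_PORT_BANK_SPA:-127.0.0.1:16010}` expands `SANDCASTLE_PORT_BANK_SPA`, which the line above always sets. As written, the challenger binding always equals the bank SPA binding, the `SANDCASTLE_PORT_CHALLENGER` value from the systemd unit is discarded, and the fallback `127.0.0.1:16010` is never used. The two `-p` options further down then ask for the same host address and port. It should be `SANDCASTLE_PORT_CHALLENGER=${SANDCASTLE_PORT_CHALLENGER:-127.0.0.1:16010}`.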
@@ -20,6 +21,8 @@ PORT_INTERNAL_LANDING=8501
 PORT_INTERNAL_BLOG=8502
 PORT_INTERNAL_DONATIONS=8503
 PORT_INTERNAL_BANK_SPA=8505
+PORT_INTERNAL_CHALLENGER=8506
+PORT_INTERNAL_AUDITOR=8507
 
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd $SCRIPT_DIR
@@ -55,11 +58,13 @@ exec podman run \
   -p=$SANDCASTLE_PORT_BLOG:$PORT_INTERNAL_BLOG \
   -p=$SANDCASTLE_PORT_DONATIONS:$PORT_INTERNAL_DONATIONS \
   -p=$SANDCASTLE_PORT_BANK_SPA:$PORT_INTERNAL_BANK_SPA \
+  -p=$SANDCASTLE_PORT_CHALLENGER:$PORT_INTERNAL_CHALLENGER \
   --name taler-sandcastle \
   --systemd=always \
   -v talerdata:/talerdata:Z \
   -v talerdata_persistent:/talerdata_persistent:Z \
   $OVERRIDES \
+  -v $PWD/data:/data:Z \
   -v $PWD/scripts:/scripts:Z \
   -v $PWD/scripts/$SETUP_NAME:/provision:Z \
   --entrypoint /sbin/init \
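Review bot: The new `-v $PWD/data:/data:Z` mount is writable from inside the container, yet the only use visible in this commit is executing `/data/sandcastle-challenger-auth` as the challenger `AUTH_COMMAND`. A read-only mount keeps a process in the container from rewriting that script in the host checkout: `-v "$PWD/data:/data:ro,Z" \`. Quoting also protects against a checkout path that contains spaces. The `podman run` command starts and ends outside this hunk.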
diff --git a/scripts/demo/setup-sandcastle.sh b/scripts/demo/setup-sandcastle.sh
index 5d194e2..dffccb8 100755
--- a/scripts/demo/setup-sandcastle.sh
+++ b/scripts/demo/setup-sandcastle.sh
@@ -46,6 +46,7 @@ EXCHANGE_DOMAIN=exchange.$MYDOMAIN
 MERCHANT_DOMAIN=backend.$MYDOMAIN
 BLOG_DOMAIN=shop.$MYDOMAIN
 DONATIONS_DOMAIN=donations.$MYDOMAIN
+CHALLENGER_DOMAIN=challenger.$MYDOMAIN
 
 # Ports of the services running inside the container.
 # Should be synchronized with the sandcastle-run script.
@@ -56,6 +57,8 @@ PORT_INTERNAL_LANDING=8501
 PORT_INTERNAL_BLOG=8502
 PORT_INTERNAL_DONATIONS=8503
 PORT_INTERNAL_BANK_SPA=8505
+PORT_INTERNAL_CHALLENGER=8506
+PORT_INTERNAL_AUDITOR=8507
 
 # Just make sure the services are stopped
 systemctl stop taler-exchange.target
@@ -121,6 +124,7 @@ function persist_exchange_key() {
 lift_dir /var/lib/taler var-lib-taler
 lift_dir /etc/taler etc-taler
 lift_dir /etc/libeufin etc-libeufin
+lift_dir /etc/taler etc-challenger
 lift_dir /var/lib/postgresql var-lib-postgresql
 persist_exchange_key /var/lib/taler/exchange-offline exchange-offline
 
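Review bot: `lift_dir /etc/taler etc-challenger` repeats the source directory of the `etc-taler` line two lines above, which looks like a copy-paste slip, since the challenger configuration is written to `/etc/challenger/conf.d` later in this script. `lift_dir` is defined outside the hunk, so the effect of lifting `/etc/taler` a second time under another name is not visible here. The intended line is probably `lift_dir /etc/challenger etc-challenger`; as it stands the challenger configuration would presumably not be persisted with the other lifted directories.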
@@ -134,6 +138,11 @@ persist_exchange_key /var/lib/taler/exchange-offline 
exchange-offline
 systemctl stop caddy.service
 
 cat <<EOF > /etc/caddy/Caddyfile
+
+# Internally reverse-proxy https://,
+# so that service can talk to each other via
+# https:// inside the container.
+
 https://$BANK_DOMAIN {
   tls internal
   reverse_proxy :8080 {
@@ -153,6 +162,11 @@ https://$MERCHANT_DOMAIN {
   reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock
 }
 
+https://$CHALLENGER_DOMAIN {
+  tls internal
+  reverse_proxy unix//run/challenger/httpd/challenger.http
+}
+
 # Services that only listen on unix domain sockets
 # are reverse-proxied to serve on a TCP port.
 
@@ -172,6 +186,13 @@ https://$MERCHANT_DOMAIN {
   root /settings.json /etc/libeufin/
   file_server
 }
+
+:$PORT_INTERNAL_CHALLENGER {
+  reverse_proxy unix//run/challenger/httpd/challenger.http {
+    # Set this, or otherwise wrong taler://pay URIs will be generated.
+    header_up X-Forwarded-Proto "https"
+  }
+}
 EOF
 
 cat <<EOF >> /etc/hosts
@@ -182,6 +203,7 @@ cat <<EOF >> /etc/hosts
 127.0.0.1 $MERCHANT_DOMAIN
 127.0.0.1 $BLOG_DOMAIN
 127.0.0.1 $DONATIONS_DOMAIN
+127.0.0.1 $CHALLENGER_DOMAIN
 # End of Taler Sandcastle Domains
 EOF
 
@@ -192,6 +214,22 @@ caddy trust
 
 systemctl start postgresql.service
 
+# Set up challenger
+
+challenger-dbconfig
+
+CHALL_CLIENT_ID=$(sudo -u challenger-httpd challenger-admin -q --add=sandbox 
https://$EXCHANGE_DOMAIN/kyc-proof/mychallenger)
+echo Challenger client ID: $CHALL_CLIENT_ID
+
+mkdir -p /etc/challenger/conf.d
+cat <<EOF >/etc/challenger/conf.d/setup-sandcastle.conf
+[challenger]
+ADDRESS_TYPE = email
+AUTH_COMMAND = /data/sandcastle-challenger-auth
+EOF
+
+systemctl enable --now challenger-httpd.service
+
 # Set up bank
 
 cat <<EOF >/etc/libeufin/libeufin-bank.conf
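Review bot: The result of `challenger-admin` is not checked before it is used: if the command fails or prints nothing, `CHALL_CLIENT_ID` is empty and the script carries on to enable the service. Whether `set -e` is active is not visible in this hunk, so an explicit guard is safer, e.g. `[[ -n "$CHALL_CLIENT_ID" ]] || { echo "challenger-admin returned no client ID" >&2; exit 1; }`, and the `echo` should quote its argument. The value passed to `--add` (`sandbox`) is a fixed literal, apparently the client secret; a comment stating that this is acceptable only for the demo deployment would help the next reader.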

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


