View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011076 | Taler | merchant backend | public | 2026-02-14 23:02 | 2026-02-15 00:13 |
| Reporter | Florian Dold | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | feedback | Resolution | open | ||
| Target Version | 1.5 | ||||
| Summary | 0011076: merchant report PDF generation fails with permission error on Debian trixie | ||||
| Description | The report generation works locally on my system, but on the server we run into a permission problem. See logs below. | ||||
| Additional Information | Feb 14 21:55:57 betel taler-merchant-httpd[329291]: error: failed to load package (failed to create temporary package directory: Permission denied (os error 13)) Feb 14 21:55:57 betel taler-merchant-httpd[329291]: ┌─ usr/share/taler-merchant/typst-forms/transactions.typ:1:8 Feb 14 21:55:57 betel taler-merchant-httpd[329291]: │ Feb 14 21:55:57 betel taler-merchant-httpd[329291]: 1 │ #import "@preview/cetz:0.4.2": canvas, draw, palette Feb 14 21:55:57 betel taler-merchant-httpd[329291]: │ ^^^^^^^^^^^^^^^^^^^^^ Feb 14 21:55:57 betel taler-merchant-httpd[329291]: help: error occurred while importing this module Feb 14 21:55:57 betel taler-merchant-httpd[329291]: ┌─ tmp/taler-typst-zXYooV/0/input.typ:1:8 Feb 14 21:55:57 betel taler-merchant-httpd[329291]: │ Feb 14 21:55:57 betel taler-merchant-httpd[329291]: 1 │ #import "/usr/share/taler-merchant/typst-forms/transactions.typ": form Feb 14 21:55:57 betel taler-merchant-httpd[329291]: │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Feb 14 21:55:57 betel taler-merchant-httpd[329227]: (SQABCVGPAAJK7MQH63Y4WKY51R) ERROR typst exited with status 1 | ||||
| Tags | No tags attached. | ||||
|
|
Note that running it as root *works*: $ typst compile --root / /tmp/taler-typst-zXYooV/0/input.typ Running it via `sudo -u taler-merchant-httpd ...` results in the same error message we see above. |
|
|
Note that typst does try to download packages while building (!), so it might be that downloading the packages causes the permission issues. We either need to accommodate for this somehow or download the packages beforehand / during installation if possible. |
|
|
The folder that typst wants to write to is: /var/lib/taler-merchant/.cache/typst/packages/ |
|
|
While typst does't have an official way to download packages for "offline use", we should either hack around this or not use the package. |
|
|
We fixed it manually by creating the .cache directory and setting the permissions. We should still discuss how to properly solve this / what to do about the dynamic package downloads. |
|
|
IMO, the proper way is to use local packages (https://github.com/typst/packages?tab=readme-ov-file#local-packages). TL;DR: Typst can load packages from $XDG_DATA_HOME/typst/packages/local/$NAME/$VERSION. It solves multiple problems: * We don't need to rely on dynamically downloaded packages anymore * You don't need to break the sandbox anymore. Common files (i.e. .typ files or images) just go into a local typst package (i.e. a taler-merchant or taler-exchange typst package) that is installed with whatever package we're installing. |
|
|
I don't like this. The '.typ' files we ship with right now are mere examples, and merchants might customize them a lot. Expecting them to use local typst packages seems like bad UX. Why not have /var/lib/taler-merchant/.cache/ be RW for the taler-merchant-httpd? that seems reasonably safe. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-02-14 23:02 | Florian Dold | New Issue | |
| 2026-02-14 23:02 | Florian Dold | Status | new => assigned |
| 2026-02-14 23:02 | Florian Dold | Assigned To | => Christian Grothoff |
| 2026-02-14 23:09 | Florian Dold | Note Added: 0027722 | |
| 2026-02-14 23:12 | Florian Dold | Note Added: 0027723 | |
| 2026-02-14 23:18 | Florian Dold | Note Added: 0027724 | |
| 2026-02-14 23:19 | Florian Dold | Note Added: 0027725 | |
| 2026-02-14 23:22 | Florian Dold | Note Added: 0027726 | |
| 2026-02-14 23:22 | Florian Dold | Status | assigned => feedback |
| 2026-02-14 23:44 | Florian Dold | Note Added: 0027727 | |
| 2026-02-14 23:44 | Florian Dold | Status | feedback => assigned |
| 2026-02-14 23:45 | Florian Dold | Status | assigned => feedback |
| 2026-02-14 23:46 | Florian Dold | Note Edited: 0027727 | |
| 2026-02-15 00:01 | Florian Dold | Note Edited: 0027727 | |
| 2026-02-15 00:13 | Christian Grothoff | Note Added: 0027728 |
