Skip to content

Commit 3f585c5

Browse files
tianontianon
committed
Utilize "initdb" functionality better to allow "POSTGRES_INITDB_ARGS=--auth-local=md5"
This also closes a slight bug we've had previously where the "postgres" user is _always_ created (now we only create the user specified via the environment variables).
1 parent 2337858 commit 3f585c5

13 files changed

+169
-286
lines changed

10/alpine/docker-entrypoint.sh

Lines changed: 13 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
6565
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
6666
fi
6767

68+
file_env 'POSTGRES_USER' 'postgres'
69+
file_env 'POSTGRES_PASSWORD'
70+
6871
file_env 'POSTGRES_INITDB_ARGS'
6972
if [ "$POSTGRES_INITDB_WALDIR" ]; then
7073
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
7174
fi
72-
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
75+
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
7376

7477
# unset/cleanup "nss_wrapper" bits
7578
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
7982

8083
# check password first so we can output the warning before postgres
8184
# messes it up
82-
file_env 'POSTGRES_PASSWORD'
83-
if [ "$POSTGRES_PASSWORD" ]; then
84-
pass="PASSWORD :'pass'"
85+
if [ -n "$POSTGRES_PASSWORD" ]; then
8586
authMethod=md5
8687
else
8788
# The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
99100
****************************************************
100101
EOWARN
101102

102-
pass=
103103
authMethod=trust
104104
fi
105105

@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
110110

111111
# internal start of server in order to allow set-up using psql-client
112112
# does not listen on external TCP/IP and waits until start finishes
113-
PGUSER="${PGUSER:-postgres}" \
113+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
114114
pg_ctl -D "$PGDATA" \
115115
-o "-c listen_addresses=''" \
116116
-w start
117117

118-
file_env 'POSTGRES_USER' 'postgres'
119118
file_env 'POSTGRES_DB' "$POSTGRES_USER"
120119

121-
psql=( psql -v ON_ERROR_STOP=1 )
120+
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
121+
psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
122122

123123
if [ "$POSTGRES_DB" != 'postgres' ]; then
124-
"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
124+
"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
125125
CREATE DATABASE :"db" ;
126126
EOSQL
127127
echo
128128
fi
129-
130-
if [ "$POSTGRES_USER" = 'postgres' ]; then
131-
op='ALTER'
132-
else
133-
op='CREATE'
134-
fi
135-
"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
136-
$op USER :"user" WITH SUPERUSER $pass ;
137-
EOSQL
138-
echo
139-
140-
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
129+
psql+=( --dbname "$POSTGRES_DB" )
141130

142131
echo
143132
for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
160149
echo
161150
done
162151

163-
PGUSER="${PGUSER:-postgres}" \
152+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
164153
pg_ctl -D "$PGDATA" -m fast -w stop
165154

155+
unset PGPASSWORD
156+
166157
echo
167158
echo 'PostgreSQL init process complete; ready for start up.'
168159
echo

10/docker-entrypoint.sh

Lines changed: 13 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
6565
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
6666
fi
6767

68+
file_env 'POSTGRES_USER' 'postgres'
69+
file_env 'POSTGRES_PASSWORD'
70+
6871
file_env 'POSTGRES_INITDB_ARGS'
6972
if [ "$POSTGRES_INITDB_WALDIR" ]; then
7073
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
7174
fi
72-
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
75+
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
7376

7477
# unset/cleanup "nss_wrapper" bits
7578
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
7982

8083
# check password first so we can output the warning before postgres
8184
# messes it up
82-
file_env 'POSTGRES_PASSWORD'
83-
if [ "$POSTGRES_PASSWORD" ]; then
84-
pass="PASSWORD :'pass'"
85+
if [ -n "$POSTGRES_PASSWORD" ]; then
8586
authMethod=md5
8687
else
8788
# The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
99100
****************************************************
100101
EOWARN
101102

102-
pass=
103103
authMethod=trust
104104
fi
105105

@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
110110

111111
# internal start of server in order to allow set-up using psql-client
112112
# does not listen on external TCP/IP and waits until start finishes
113-
PGUSER="${PGUSER:-postgres}" \
113+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
114114
pg_ctl -D "$PGDATA" \
115115
-o "-c listen_addresses=''" \
116116
-w start
117117

118-
file_env 'POSTGRES_USER' 'postgres'
119118
file_env 'POSTGRES_DB' "$POSTGRES_USER"
120119

121-
psql=( psql -v ON_ERROR_STOP=1 )
120+
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
121+
psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
122122

123123
if [ "$POSTGRES_DB" != 'postgres' ]; then
124-
"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
124+
"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
125125
CREATE DATABASE :"db" ;
126126
EOSQL
127127
echo
128128
fi
129-
130-
if [ "$POSTGRES_USER" = 'postgres' ]; then
131-
op='ALTER'
132-
else
133-
op='CREATE'
134-
fi
135-
"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
136-
$op USER :"user" WITH SUPERUSER $pass ;
137-
EOSQL
138-
echo
139-
140-
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
129+
psql+=( --dbname "$POSTGRES_DB" )
141130

142131
echo
143132
for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
160149
echo
161150
done
162151

163-
PGUSER="${PGUSER:-postgres}" \
152+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
164153
pg_ctl -D "$PGDATA" -m fast -w stop
165154

155+
unset PGPASSWORD
156+
166157
echo
167158
echo 'PostgreSQL init process complete; ready for start up.'
168159
echo

11/alpine/docker-entrypoint.sh

Lines changed: 13 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
6565
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
6666
fi
6767

68+
file_env 'POSTGRES_USER' 'postgres'
69+
file_env 'POSTGRES_PASSWORD'
70+
6871
file_env 'POSTGRES_INITDB_ARGS'
6972
if [ "$POSTGRES_INITDB_WALDIR" ]; then
7073
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
7174
fi
72-
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
75+
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
7376

7477
# unset/cleanup "nss_wrapper" bits
7578
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
7982

8083
# check password first so we can output the warning before postgres
8184
# messes it up
82-
file_env 'POSTGRES_PASSWORD'
83-
if [ "$POSTGRES_PASSWORD" ]; then
84-
pass="PASSWORD :'pass'"
85+
if [ -n "$POSTGRES_PASSWORD" ]; then
8586
authMethod=md5
8687
else
8788
# The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
99100
****************************************************
100101
EOWARN
101102

102-
pass=
103103
authMethod=trust
104104
fi
105105

@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
110110

111111
# internal start of server in order to allow set-up using psql-client
112112
# does not listen on external TCP/IP and waits until start finishes
113-
PGUSER="${PGUSER:-postgres}" \
113+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
114114
pg_ctl -D "$PGDATA" \
115115
-o "-c listen_addresses=''" \
116116
-w start
117117

118-
file_env 'POSTGRES_USER' 'postgres'
119118
file_env 'POSTGRES_DB' "$POSTGRES_USER"
120119

121-
psql=( psql -v ON_ERROR_STOP=1 )
120+
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
121+
psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
122122

123123
if [ "$POSTGRES_DB" != 'postgres' ]; then
124-
"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
124+
"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
125125
CREATE DATABASE :"db" ;
126126
EOSQL
127127
echo
128128
fi
129-
130-
if [ "$POSTGRES_USER" = 'postgres' ]; then
131-
op='ALTER'
132-
else
133-
op='CREATE'
134-
fi
135-
"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
136-
$op USER :"user" WITH SUPERUSER $pass ;
137-
EOSQL
138-
echo
139-
140-
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
129+
psql+=( --dbname "$POSTGRES_DB" )
141130

142131
echo
143132
for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
160149
echo
161150
done
162151

163-
PGUSER="${PGUSER:-postgres}" \
152+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
164153
pg_ctl -D "$PGDATA" -m fast -w stop
165154

155+
unset PGPASSWORD
156+
166157
echo
167158
echo 'PostgreSQL init process complete; ready for start up.'
168159
echo

11/docker-entrypoint.sh

Lines changed: 13 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,14 @@ if [ "$1" = 'postgres' ]; then
6565
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
6666
fi
6767

68+
file_env 'POSTGRES_USER' 'postgres'
69+
file_env 'POSTGRES_PASSWORD'
70+
6871
file_env 'POSTGRES_INITDB_ARGS'
6972
if [ "$POSTGRES_INITDB_WALDIR" ]; then
7073
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
7174
fi
72-
eval "initdb --username=postgres $POSTGRES_INITDB_ARGS"
75+
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
7376

7477
# unset/cleanup "nss_wrapper" bits
7578
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
@@ -79,9 +82,7 @@ if [ "$1" = 'postgres' ]; then
7982

8083
# check password first so we can output the warning before postgres
8184
# messes it up
82-
file_env 'POSTGRES_PASSWORD'
83-
if [ "$POSTGRES_PASSWORD" ]; then
84-
pass="PASSWORD :'pass'"
85+
if [ -n "$POSTGRES_PASSWORD" ]; then
8586
authMethod=md5
8687
else
8788
# The - option suppresses leading tabs but *not* spaces. :)
@@ -99,7 +100,6 @@ if [ "$1" = 'postgres' ]; then
99100
****************************************************
100101
EOWARN
101102

102-
pass=
103103
authMethod=trust
104104
fi
105105

@@ -110,34 +110,23 @@ if [ "$1" = 'postgres' ]; then
110110

111111
# internal start of server in order to allow set-up using psql-client
112112
# does not listen on external TCP/IP and waits until start finishes
113-
PGUSER="${PGUSER:-postgres}" \
113+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
114114
pg_ctl -D "$PGDATA" \
115115
-o "-c listen_addresses=''" \
116116
-w start
117117

118-
file_env 'POSTGRES_USER' 'postgres'
119118
file_env 'POSTGRES_DB' "$POSTGRES_USER"
120119

121-
psql=( psql -v ON_ERROR_STOP=1 )
120+
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
121+
psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
122122

123123
if [ "$POSTGRES_DB" != 'postgres' ]; then
124-
"${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL'
124+
"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
125125
CREATE DATABASE :"db" ;
126126
EOSQL
127127
echo
128128
fi
129-
130-
if [ "$POSTGRES_USER" = 'postgres' ]; then
131-
op='ALTER'
132-
else
133-
op='CREATE'
134-
fi
135-
"${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL
136-
$op USER :"user" WITH SUPERUSER $pass ;
137-
EOSQL
138-
echo
139-
140-
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
129+
psql+=( --dbname "$POSTGRES_DB" )
141130

142131
echo
143132
for f in /docker-entrypoint-initdb.d/*; do
@@ -160,9 +149,11 @@ if [ "$1" = 'postgres' ]; then
160149
echo
161150
done
162151

163-
PGUSER="${PGUSER:-postgres}" \
152+
PGUSER="${PGUSER:-$POSTGRES_USER}" \
164153
pg_ctl -D "$PGDATA" -m fast -w stop
165154

155+
unset PGPASSWORD
156+
166157
echo
167158
echo 'PostgreSQL init process complete; ready for start up.'
168159
echo

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy