docker-images/postgres
1
0
Fork 0
mirror of https://github.com/docker-library/postgres.git synced 2025-11-17 13:02:40 +03:00
Code Activity

Merge pull request #658 from infosiftr/more-mysql

Browse Source 
Error when `POSTGRES_PASSWORD` is unset like mysql
This commit is contained in:
yosifkit
2020-02-12 15:47:15 -08:00
committed by GitHub
parent 55e3dc0380 46161d6ab3
commit 16dd8dbf87
13 changed files with 520 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
10/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
10/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
11/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
11/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
12/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
12/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.4/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.4/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.5/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.5/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.6/alpine/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
9.6/docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
mkdir -p "$POSTGRES_INITDB_XLOGDIR" mkdir -p "$POSTGRES_INITDB_XLOGDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@" set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }

62
docker-entrypoint.sh
View File

@@ -44,7 +44,7 @@ docker_create_db_directories() {
chmod 775 /var/run/postgresql || : chmod 775 /var/run/postgresql || :
# Create the transaction log directory before initdb is run so the directory is owned by the correct user # Create the transaction log directory before initdb is run so the directory is owned by the correct user
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
mkdir -p "$POSTGRES_INITDB_WALDIR" mkdir -p "$POSTGRES_INITDB_WALDIR"
if [ "$user" = '0' ]; then if [ "$user" = '0' ]; then
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP" echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
fi fi
if [ "$POSTGRES_INITDB_WALDIR" ]; then if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi fi
@@ -87,7 +87,10 @@ docker_init_database_dir() {
fi fi
} }
# print large warning if POSTGRES_PASSWORD is empty # print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is unset and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() { docker_verify_minimum_env() {
# check password first so we can output the warning before postgres # check password first so we can output the warning before postgres
# messes it up # messes it up
@@ -103,22 +106,36 @@ docker_verify_minimum_env() {
EOWARN EOWARN
fi fi
if [ -z "$POSTGRES_PASSWORD" ]; then if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :) # The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
EOE
exit 1
fi
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
cat >&2 <<-'EOWARN' cat >&2 <<-'EOWARN'
**************************************************** ********************************************************************************
WARNING: No password has been set for the database. WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
This will allow anyone with access to the anyone with access to the Postgres port to access your database without
Postgres port to access your database. In a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
Docker's default configuration, this is documentation about "trust":
effectively any other container on the same https://www.postgresql.org/docs/current/auth-trust.html
system. In Docker's default configuration, this is effectively any other
container on the same system.
Use "-e POSTGRES_PASSWORD=password" to set It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
it in "docker run". it with "-e POSTGRES_PASSWORD=password" instead to set a password in
**************************************************** "docker run".
********************************************************************************
EOWARN EOWARN
fi fi
} }
@@ -185,6 +202,8 @@ docker_setup_env() {
file_env 'POSTGRES_USER' 'postgres' file_env 'POSTGRES_USER' 'postgres'
file_env 'POSTGRES_DB' "$POSTGRES_USER" file_env 'POSTGRES_DB' "$POSTGRES_USER"
file_env 'POSTGRES_INITDB_ARGS' file_env 'POSTGRES_INITDB_ARGS'
# default authentication method is md5
: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
declare -g DATABASE_ALREADY_EXISTS declare -g DATABASE_ALREADY_EXISTS
# look specifically for PG_VERSION, as it is expected in the DB dir # look specifically for PG_VERSION, as it is expected in the DB dir
@@ -193,16 +212,15 @@ docker_setup_env() {
fi fi
} }
# append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
pg_setup_hba_conf() { pg_setup_hba_conf() {
local authMethod='md5'
if [ -z "$POSTGRES_PASSWORD" ]; then
authMethod='trust'
fi
{ {
echo echo
echo "host all all all $authMethod" if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
fi
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf" } >> "$PGDATA/pg_hba.conf"
} }