From eb3eeb48ba3bb481f47a0170e146f4b0bad25b9f Mon Sep 17 00:00:00 2001
From: Birk Bohne
Date: Wed, 15 Apr 2020 22:46:53 +0200
Subject: [PATCH 1/2] enable scram-sha-256 password encryption - if $POSTGRES_HOST_AUTH_METHOD is set - without that update new users are unable to logon, because the password would still be saved as md5, but the host auth is set to scram-sha-256 in pg_hba.conf
---
 docker-entrypoint.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index cd8ce805a4..6863e7acad 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -226,6 +226,15 @@ pg_setup_hba_conf() {
 } >> "$PGDATA/pg_hba.conf"
 }

+# enable scram-sha-256 password encryption based on POSTGRES_HOST_AUTH_METHOD env var
+scram-sha-256_postgresql_conf() {
+ {
+ if [ "$POSTGRES_HOST_AUTH_METHOD" = 'scram-sha-256' ]; then
+ sed --in-place 's/#password_encryption = md5/password_encryption = scram-sha-256/' $PGDATA/postgresql.conf
+ fi
+ }
+}
+
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
@@ -289,6 +298,7 @@ _main() {
 ls /docker-entrypoint-initdb.d/ > /dev/null

 docker_init_database_dir
+ scram-sha-256_postgresql_conf
 pg_setup_hba_conf

 # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
From 3c7132935f8709bc2491e033aa5b2f8024e66bd4 Mon Sep 17 00:00:00 2001
From: Birk Bohne
Date: Thu, 16 Apr 2020 15:29:01 +0200
Subject: [PATCH 2/2] missing whitespace added - otherwise FORCE_DEB_BUILD fails
---
 .travis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 1727672670..debac5e654 100644
--- a/.travis.yml
+++ b/.travis.yml
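Review bot: In `scram-sha-256_postgresql_conf` (docker-entrypoint.sh, first hunk) the `sed` rewrites only the exact commented default `#password_encryption = md5`, so when that line is missing or spelled differently the function returns success without changing anything and new passwords continue to be stored as md5 hashes. Checking the result after the edit, for example `grep -q '^password_encryption = scram-sha-256' "$PGDATA/postgresql.conf"`, and reporting an error when it fails would make that case visible. `$PGDATA/postgresql.conf` is also unquoted, unlike `"$PGDATA/pg_hba.conf"` in the context line above, so a data directory path containing whitespace breaks the command; it should be `"$PGDATA/postgresql.conf"`. The hyphenated function name is accepted by bash but not by POSIX sh and departs from the `pg_setup_hba_conf` naming style, and the inner `{ … }` group adds nothing.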
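Review bot: In `_main` (docker-entrypoint.sh, second hunk) the new call to `scram-sha-256_postgresql_conf` runs after `docker_init_database_dir`, so any role password written while the data directory is initialised is hashed before `password_encryption` is switched. If that step sets the superuser password (its body is outside this hunk, so this is an assumption to confirm), that account would keep an md5 verifier and be refused once `pg_hba.conf` requires scram-sha-256 for host connections. The ordering constraint deserves a comment at the call site, such as `# must take effect before any role password is stored, otherwise that role keeps an md5 hash`, and a test that logs in as the initial superuser over TCP with `POSTGRES_HOST_AUTH_METHOD=scram-sha-256`.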
@@ -34,9 +34,9 @@ script:
 set -x
 if [ -n "${FORCE_DEB_BUILD:+x}" ]; then
 [ "$(dpkg --print-architecture)" = 'amd64' ]
- grep -qE 'amd64[|]' Dockerfile
- sed -ri -e 's/amd64[|]//g' Dockerfile
- ! grep -qE 'amd64[|]' Dockerfile
+ grep -qE 'amd64 [|]' Dockerfile
+ sed -ri -e 's/amd64 [|]//g' Dockerfile
+ ! grep -qE 'amd64 [|]' Dockerfile
 fi
 docker build -t "$image" .
 ~/official-images/test/run.sh "$image"