From 28b97200e280b17e43e4f517b077e65875509095 Mon Sep 17 00:00:00 2001
From: Nathan Weeks <1800812+nathanweeks@users.noreply.github.com>
Date: Tue, 27 Oct 2020 06:24:23 -0500
Subject: [PATCH] Support POSTGRES_HOST_AUTH_METHOD=peer
---
docker-entrypoint.sh | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 51d871b717..04e59618dd 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -78,6 +78,10 @@ docker_init_database_dir() {
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
fi
+ if [ 'peer' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ set -- --auth=peer "$@"
+ fi
+
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
# unset/cleanup "nss_wrapper" bits
@@ -88,7 +92,7 @@ docker_init_database_dir() {
}
# print large warning if POSTGRES_PASSWORD is long
-# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
+# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' or 'peer'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
@@ -106,13 +110,16 @@ docker_verify_minimum_env() {
EOWARN
fi
- if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ] && [ 'peer' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOE'
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
+ You may use "POSTGRES_HOST_AUTH_METHOD=peer" to allow
+ local connections identified by OS username without a password.
+
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
@@ -221,8 +228,9 @@ pg_setup_hba_conf() {
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
echo '# warning trust is enabled for all connections'
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+ elif [ 'peer' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
fi
- echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
} >> "$PGDATA/pg_hba.conf"
}
@@ -312,6 +320,10 @@ _main() {
fi
fi
+ if [ 'peer' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
+ set -- "$@" -c listen_addresses=''
+ fi
+
exec "$@"
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy