Update postgres #11129

Merged
merged 1 commit into from
Oct 18, 2021

@tianon tianon commented Oct 18, 2021

Changes:

- docker-library/postgres@0db92cd: Merge pull request docker-library/postgres#897 from infosiftr/auth-method-14
- docker-library/postgres@c6329e3: Adjust POSTGRES_HOST_AUTH_METHOD to automatically match configured password_encryption
@github-actions

Diff for 966cf9f:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index c6ff7d0..972ae5f 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -3,75 +3,75 @@ GitRepo: https://github.com/docker-library/postgres.git
 
 Tags: 9.6.23, 9.6, 9, 9.6.23-stretch, 9.6-stretch, 9-stretch
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 9.6/stretch
 
 Tags: 9.6.23-alpine, 9.6-alpine, 9-alpine, 9.6.23-alpine3.14, 9.6-alpine3.14, 9-alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 9.6/alpine
 
 Tags: 9.6.23-bullseye, 9.6-bullseye, 9-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 9.6/bullseye
 
 Tags: 10.18, 10, 10.18-stretch, 10-stretch
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 10/stretch
 
 Tags: 10.18-alpine, 10-alpine, 10.18-alpine3.14, 10-alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 10/alpine
 
 Tags: 10.18-bullseye, 10-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 10/bullseye
 
 Tags: 11.13, 11, 11.13-stretch, 11-stretch
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 11/stretch
 
 Tags: 11.13-alpine, 11-alpine, 11.13-alpine3.14, 11-alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 11/alpine
 
 Tags: 11.13-bullseye, 11-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 11/bullseye
 
 Tags: 12.8, 12, 12.8-bullseye, 12-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 12/bullseye
 
 Tags: 12.8-alpine, 12-alpine, 12.8-alpine3.14, 12-alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 12/alpine
 
 Tags: 13.4, 13, 13.4-bullseye, 13-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 7d027c7fc38292e1d423c7a89fab6aa9e5ebed00
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 13/bullseye
 
 Tags: 13.4-alpine, 13-alpine, 13.4-alpine3.14, 13-alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: ab940cbb923af99e2c7cf0e0ba5305bc6815aecc
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 13/alpine
 
 Tags: 14.0, 14, latest, 14.0-bullseye, 14-bullseye, bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: db430ccd715678b60d7c7b9a0fee577991998837
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 14/bullseye
 
 Tags: 14.0-alpine, 14-alpine, alpine, 14.0-alpine3.14, 14-alpine3.14, alpine3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: db430ccd715678b60d7c7b9a0fee577991998837
+GitCommit: c6329e3bf217ca53fbb78d27d756f95498cb143f
 Directory: 14/alpine
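
Review bot: every entry, including the `14`, `latest` and `alpine` tags, is repinned to c6329e3 here, but the description only names the commit and does not say which tags change behaviour. Per the entrypoint comment further down ("default authentication method is md5 on versions before 14"), the 14.x tags stop defaulting `POSTGRES_HOST_AUTH_METHOD` to md5 while 9.6 through 13 should stay on md5. Please state that split in the PR text so users of `latest` know a fresh init will write a different host auth method to pg_hba.conf.
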
diff --git a/postgres_10-alpine3.14/docker-entrypoint.sh b/postgres_10-alpine3.14/docker-entrypoint.sh
index d22f20a..d80e309 100755
--- a/postgres_10-alpine3.14/docker-entrypoint.sh
+++ b/postgres_10-alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
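
Review bot: `: "${POSTGRES_HOST_AUTH_METHOD:=}"` in docker_setup_env leaves the variable empty until pg_setup_hba_conf runs, and the removed comment was the only place in this function that documented the default. Anything that reads POSTGRES_HOST_AUTH_METHOD between these two functions now sees an empty string where it used to see md5. Add a comment here saying the default is resolved later from `password_encryption`, and check that no earlier reader depends on a non-empty value.
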
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
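
Review bot: the output of `postgres -C password_encryption "$@"` in pg_setup_hba_conf is used as the auth method without checking that it is non-empty. If the lookup prints nothing (for example because an argument in `"$@"` is rejected), `auth` is empty, `: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"` leaves the variable empty, and the function goes on to append an empty method to pg_hba.conf for host connections. Suggest failing with a clear message when `$auth` is empty before the `{ echo ...` block.
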
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
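
Review bot: `pg_setup_hba_conf "$@"` in _main forwards the whole container command line, and the callee only drops the first word when it is exactly 'postgres'. If this branch can be reached with any other first argument, that word is handed to `postgres -C password_encryption` as an option. Either note in a comment here that `$1` is always 'postgres' at this point, or strip it in the caller so the function receives server options only.
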
diff --git a/postgres_10-bullseye/docker-entrypoint.sh b/postgres_10-bullseye/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_10-bullseye/docker-entrypoint.sh
+++ b/postgres_10-bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_10-stretch/docker-entrypoint.sh b/postgres_10-stretch/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_10-stretch/docker-entrypoint.sh
+++ b/postgres_10-stretch/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_11-alpine3.14/docker-entrypoint.sh b/postgres_11-alpine3.14/docker-entrypoint.sh
index d22f20a..d80e309 100755
--- a/postgres_11-alpine3.14/docker-entrypoint.sh
+++ b/postgres_11-alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_11-bullseye/docker-entrypoint.sh b/postgres_11-bullseye/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_11-bullseye/docker-entrypoint.sh
+++ b/postgres_11-bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_11-stretch/docker-entrypoint.sh b/postgres_11-stretch/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_11-stretch/docker-entrypoint.sh
+++ b/postgres_11-stretch/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_12-alpine3.14/docker-entrypoint.sh b/postgres_12-alpine3.14/docker-entrypoint.sh
index d22f20a..d80e309 100755
--- a/postgres_12-alpine3.14/docker-entrypoint.sh
+++ b/postgres_12-alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_12-bullseye/docker-entrypoint.sh b/postgres_12-bullseye/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_12-bullseye/docker-entrypoint.sh
+++ b/postgres_12-bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_13-alpine3.14/docker-entrypoint.sh b/postgres_13-alpine3.14/docker-entrypoint.sh
index d22f20a..d80e309 100755
--- a/postgres_13-alpine3.14/docker-entrypoint.sh
+++ b/postgres_13-alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_13-bullseye/docker-entrypoint.sh b/postgres_13-bullseye/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_13-bullseye/docker-entrypoint.sh
+++ b/postgres_13-bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_9-alpine3.14/docker-entrypoint.sh b/postgres_9-alpine3.14/docker-entrypoint.sh
index 1cd4dbd..e871a86 100755
--- a/postgres_9-alpine3.14/docker-entrypoint.sh
+++ b/postgres_9-alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
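
Review bot: in this 9.6 copy of pg_setup_hba_conf only the value 'on' is translated to md5. On 9.x `password_encryption` is a boolean, so a server started with it disabled reports 'off', and that string would then be used as the default POSTGRES_HOST_AUTH_METHOD, which is not a pg_hba.conf method. Handle 'off' explicitly (error out, or fall back to md5 with a warning) next to the existing `if [ "$auth" = 'on' ]` check.
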
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_9-bullseye/docker-entrypoint.sh b/postgres_9-bullseye/docker-entrypoint.sh
index f6379ed..0a498c3 100755
--- a/postgres_9-bullseye/docker-entrypoint.sh
+++ b/postgres_9-bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_9-stretch/docker-entrypoint.sh b/postgres_9-stretch/docker-entrypoint.sh
index f6379ed..0a498c3 100755
--- a/postgres_9-stretch/docker-entrypoint.sh
+++ b/postgres_9-stretch/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_alpine3.14/docker-entrypoint.sh b/postgres_alpine3.14/docker-entrypoint.sh
index d22f20a..d80e309 100755
--- a/postgres_alpine3.14/docker-entrypoint.sh
+++ b/postgres_alpine3.14/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
diff --git a/postgres_bullseye/docker-entrypoint.sh b/postgres_bullseye/docker-entrypoint.sh
index 697626e..e7c9a79 100755
--- a/postgres_bullseye/docker-entrypoint.sh
+++ b/postgres_bullseye/docker-entrypoint.sh
@@ -220,8 +220,7 @@ docker_setup_env() {
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
-	# default authentication method is md5
-	: "${POSTGRES_HOST_AUTH_METHOD:=md5}"
+	: "${POSTGRES_HOST_AUTH_METHOD:=}"
 
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
@@ -231,7 +230,21 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
 pg_setup_hba_conf() {
+	# default authentication method is md5 on versions before 14
+	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
+	if [ "$1" = 'postgres' ]; then
+		shift
+	fi
+	local auth
+	# check the default/configured encryption and use that as the auth method
+	auth="$(postgres -C password_encryption "$@")"
+	# postgres 9 only reports "on" and not "md5"
+	if [ "$auth" = 'on' ]; then
+		auth='md5'
+	fi
+	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
 	{
 		echo
 		if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
@@ -305,7 +318,7 @@ _main() {
 			ls /docker-entrypoint-initdb.d/ > /dev/null
 
 			docker_init_database_dir
-			pg_setup_hba_conf
+			pg_setup_hba_conf "$@"
 
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS

Relevant Maintainers:

@tianon tianon merged commit b030958 into docker-library:master Oct 18, 2021
@tianon tianon deleted the postgres branch October 18, 2021 20:59