Error when POSTGRES_PASSWORD is unset like mysql #658
Conversation
This is a breaking change, but I think it's one that makes sense overall (and that the benefit outweighs the pain in this instance).
Thank you for considering my request seriously. I'm much happier with this behaviour. One little nitpick is the result when both Either way, I'm much less sympathetic if someone forgets to remove

Proposed patches

Add to

Error-out on incompatible options:

```bash
if [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
    cat >&2 <<-'EOE'
Error: Both POSTGRES_PASSWORD and POSTGRES_DISABLE_PASSWORDS are specified.
You must specify one and only one.
EOE
    exit 1
fi
```

OR Ignore

```bash
if [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
    cat >&2 <<-'EOE'
WARNING: Both POSTGRES_PASSWORD and POSTGRES_DISABLE_PASSWORDS are specified.
Using POSTGRES_PASSWORD, ignoring POSTGRES_DISABLE_PASSWORDS.
EOE
    unset POSTGRES_DISABLE_PASSWORDS
fi
```

Tested on

P.S.: Sorry for slow feedback, end of the year craziness left me with full inbox... |
Erroring on incompatible options probably makes more sense. The error wording looks sensible. I'm surprised you had to change so many places. No include files or snippets? Seems like plenty of room to miss one and leave things inconsistent. But that's not really the issue at hand. Thank you for this. I hope you're able to get it merged, it'd help reduce the rate at which potentially wormable wide-open postgres instances are created by people who don't realise what they're doing. |
Sure, but in this case they aren't actually incompatible -- they're orthogonal. When one sets In other words, if the user asks us to disable password authentication, we do so (including spitting out a large warning). Rethinking in this context, I think the name of the variable is misleading and should more directly correspond to what it does instead of what the user intends -- we're not actually disabling "passwords" in PostgreSQL but rather asking PostgreSQL not to prompt for them by setting the authentication method to be So, perhaps we should instead call it something more explicit like
They're all templated -- we just have to commit the templating result so that Travis tests the right thing. |
Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords
Swapped I'll try to get a docs PR going soon that will link to https://www.postgresql.org/docs/current/auth-pg-hba-conf.html |
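As an added example (not the image's own docker-entrypoint.sh), here is a POSIX-shell model of the start-up rule this PR settles on, including the case discussed above where both POSTGRES_PASSWORD and POSTGRES_HOST_AUTH_METHOD=trust are given. The default method "md5" and the shape of the generated pg_hba.conf line are assumptions about the image, not copied from it.

```shell
#!/bin/sh
# Added example, not docker-library/postgres's docker-entrypoint.sh.
# Models the rule from this PR: an uninitialized database needs either
# POSTGRES_PASSWORD or an explicit POSTGRES_HOST_AUTH_METHOD=trust, and
# "trust" gets a loud warning because it turns off password checks for
# every client that can reach the port. Default "md5" and the pg_hba.conf
# line format are assumptions for this example.

# Effective auth method: explicit value wins, else the assumed default "md5".
pg_effective_method() {
    if [ -n "$1" ]; then printf '%s\n' "$1"; else printf 'md5\n'; fi
}

# The pg_hba.conf entry for remote TCP clients (assumed format
# "host all all all <method>"; see auth-pg-hba-conf.html for the fields).
pg_hba_line() {
    printf 'host all all all %s\n' "$(pg_effective_method "$1")"
}

# Decide whether the container may initialize. Arguments: POSTGRES_PASSWORD
# and POSTGRES_HOST_AUTH_METHOD as passed to the container (either may be "").
# Returns 0 to proceed, 1 to refuse; explanations go to stderr.
pg_auth_check() {
    _pw="$1"
    _method="$(pg_effective_method "$2")"
    if [ -z "$_pw" ] && [ "$_method" != "trust" ]; then
        printf 'Error: POSTGRES_PASSWORD is not set and POSTGRES_HOST_AUTH_METHOD\n' >&2
        printf 'is "%s". Set POSTGRES_PASSWORD, or set POSTGRES_HOST_AUTH_METHOD=trust\n' "$_method" >&2
        printf 'to knowingly allow every connection without a password.\n' >&2
        return 1
    fi
    if [ "$_method" = "trust" ]; then
        printf 'WARNING: POSTGRES_HOST_AUTH_METHOD=trust: no password is checked for\n' >&2
        printf 'any client that can reach this container (pg_hba: %s).\n' "$(pg_hba_line trust)" >&2
        if [ -n "$_pw" ]; then
            # The case raised in review: both set. "trust" wins, password is moot.
            printf 'WARNING: POSTGRES_PASSWORD is set but will not be enforced.\n' >&2
        fi
    fi
    return 0
}

# Stand-alone run: evaluate the environment this script was started with.
if [ "${PG_AUTH_DEMO:-}" = "1" ]; then
    if pg_auth_check "${POSTGRES_PASSWORD:-}" "${POSTGRES_HOST_AUTH_METHOD:-}"; then
        pg_hba_line "${POSTGRES_HOST_AUTH_METHOD:-}"
    fi
fi
```

Run it as `PG_AUTH_DEMO=1 POSTGRES_HOST_AUTH_METHOD=trust sh check.sh` to see the warning path, or with neither variable set to see the refusal.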
LGTM (pending a corresponding docs PR)
Docs PR created: docker-library/docs#1653 |
Changes:
- docker-library/postgres@16dd8db: Merge pull request docker-library/postgres#658 from infosiftr/more-mysql

Changes:
- docker-library/postgres@d21499f: Update to 10.12-1.pgdg90+1
- docker-library/postgres@33e66cd: Update to 9.5.21
- docker-library/postgres@505eda1: Update to 11.7-1.pgdg90+1
- docker-library/postgres@d3908b0: Update to 11.7
- docker-library/postgres@f45fb74: Update to 9.5.21-1.pgdg90+1
- docker-library/postgres@ef7af12: Update to 9.4.26-1.pgdg90+1
- docker-library/postgres@9558084: Update to 9.6.17-1.pgdg90+1
- docker-library/postgres@8bebabd: Update to 10.12
- docker-library/postgres@06bd57c: Update to 9.6.17
- docker-library/postgres@10fe2ae: Update to 12.2-1.pgdg100+1
- docker-library/postgres@691a785: Update to 12.2
- docker-library/postgres@473b58e: Update to 9.4.26
- docker-library/postgres@16dd8db: Merge pull request docker-library/postgres#658 from infosiftr/more-mysql
Burnt by this @tianon - now our setup requires |
We don't have an "image version" -- our published image version is the version of PostgreSQL itself. The fact that this went out with a patch release is entirely coincidental, and it would've gone out as an update to the existing images regardless. See #681 (comment) for further explanation. The workaround for folks who want to stay insecure is to set |
This is even scarier from a versioning perspective and a shortcoming of the official images approach I guess?
If the network is limited properly this is not insecure. Having good and more secure defaults is great but if you had a bad default you don't "fix" it in a minor version bump.
See above. There's a reason why semver exists and people rely on those semantics. We can tolerate changes in images as long as they are patch releases which was what we have set and here we are. |
Redash's docker-compose file will no longer bring up an environment from a cold start due to recent upstream changes to the postgres image that force the user to either set a password for the default superuser or opt-in to allowing all connections without a password via environment variable. Upstream PR: docker-library/postgres#658 Related Discussion: docker-library/postgres#681
Squashed commit of the following:

commit a3ba4b7
Author: DeeDeeG <[email protected]>
Date: Fri Apr 3 22:10:09 2020 -0400

Update Node.JS and Ruby Dependencies (#617)
* Gemfile[.lock]: Update rails to 5.2.4.2. Also update its dependencies, as required.
* Gemfile[.lock]: Update grape and grape-swagger. Also update their dependencies, as needed.
* Gemfile[.lock]: Update activeadmin
* Gemfile: Pin sprockets to "< 4". The 4.x major version upgrade requires some configuration changes. Pinning keeps the app from breaking when doing `bundle update`.
* Gemfile.lock: Update all packages
* yarn.lock: Update all packages

commit 15fe9f7
Author: DeeDeeG <[email protected]>
Date: Thu Apr 2 16:02:39 2020 -0400

Ruby: Update from 2.5.7 to 2.5.8 (#618)

commit cc9f2a7
Author: DeeDeeG <[email protected]>
Date: Tue Mar 17 15:02:57 2020 -0400

Update docker config (#616)
* Dockerfile: Use better PhantomJS URL. GitHub's CDN is more reliable than BitBucket's. (This is the URL we originally used as of PR #435, which was the initial implementation of our Docker setup.)
* docker-compose.yml: Add password for PostgreSQL db. This is in response to a recent change in the PostgreSQL Docker image. Either the database must be configured to not check passwords, i.e. `POSTGRESQL_HOST_AUTH_METHOD=trust`, or a password must now be set. For explanation and context, see:
  - docker-library/postgres#658
  - docker-library/postgres#681
  - docker-library/postgres#580
  - https://discuss.circleci.com/t/postgresql-image-password-not-specified-issue/34555

* db/seeds.rb: Give restroom entries an edit_id (#567). Only applies during development and testing when we use the "db/export.csv" data. Doesn't affect production, which uses the real data in its db.
* Explain how to run individual tests and access psql (#570). Also, clarify that there are two containers, web and db, rather than just one; these can be viewed using docker ps
* Make filter with "focus" class more readable
* Remove unused li
* Allow dropdown menu text to wrap and fit within the dropdown. Add border bottom to give each menu item more separation
* yarn.lock: Update jquery (#587)
* Dockerfile: Update and streamline steps (#586). Does effectively the same things as before, but now in a simpler/faster way. Some of the changes take inspiration from @btyy77c's dockerAlpine branch: https://github.com/btyy77c/refugerestrooms/blob/dockerAlpine/Dockerfile The PhantomJS install is based on (mostly copy-pasted from) @nkovacs' phantomjs image from Docker Hub: https://github.com/nkovacs/selenium-standalone-phantomjs/blob/c5f6bba218472270/Dockerfile#L19-L22
* Dockerfile: Get latest Node.js in a major version (#589). (Also installs Node.js in /usr/local/ instead of installing Node.js in the root directory.) With this updated script, we specify just a major version and the script picks the latest minor/patch version within that. -- Nodejs.org does most of the work by maintaining the "latest-v[MAJOR]" folders; We only need to parse the "SHASUMS256.txt" file from there, and pick the "linux-x64" variant, which works with our Docker setup. At this point we can use the known directory URL, plus the filename extracted from "SHASUMS256.txt", and download with curl, or wget, etc. (e.g. "curl -L https://nodejs.org/dist/latest-v10.x/node-v10.16.0-linux-x64.tar.xz -o nodejs.tar.xz") -- There is no "latest-LTS" folder or similar, so automatically getting the latest LTS version would be more difficult. We could search "nodejs.org/dist/" for folders with the name "latest-[LETTERS-ONLY-STRING]", which would be the folders of all the LTS codenames. Among these, the one with the alphabetically last name is the latest LTS. This would work at least until around 2040, when they may have to loop around and re-use some earlier letters (a, b, c, etc.)
* Update Node.js and Ruby dependencies (#590)
* yarn.lock: Update Node.js packages
* Gemfile.lock: Update gems
* Add Bugsnag to readme. To fulfill the open source agreement, we have to link to bugsnag now in our readme.
* .travis.yml: Use minimal base image for Travis CI. We do all the setup/build steps inside a Docker container, so we don't need ruby tools outside of Docker (on the Travis CI virtual machine instances). Should save about 20 seconds of Travis CI build time. -- Inspired by @btyy77c who did this first at their dockerAlpine branch: btyy77c@393cf46. Documentation at Travis re: minimal/generic images: https://docs.travis-ci.com/user/languages/minimal-and-generic/
* docker-compose.yml: Use postgresql:alpine image. This (the Alpine Linux-based postgresql image) is a smaller image than the debian-based postgresql image, so it should be marginally faster to download. Seems like a good idea in general, to speed up build times (even outside of Travis CI). Also should save some disk space for developers. -- Inspired by the general concept of @btyy77c's dockerAlpine branch: https://github.com/btyy77c/refugerestrooms/commits/dockerAlpine. Docker Hub documentation on the alpine vs debian postgres images: https://hub.docker.com/_/postgres#image-variants
* layouts/_footer.html.haml: Remove tumblr link
* stylesheets/.../common: Remove tumblr icon style
* en/footer.en.yml: Remove string for tumblr blog. This isn't needed anymore, since we have removed the tumblr link from the footer.
* removed tumblr from about page (#593). I noticed we were removing tumblr, here's one more instance
* Create about.fil.yml (#465)
* Filipino Translation devise.fil.yml (#454)
* Create devise.fil.yml
* Update devise.fil.yml
* Update for devise.fil.yml @100% Translation
* Update and rename devise.fil.yml to devise.fl.yml
* Update and rename devise.fl.yml to devise.fil.yml
* 100% completed for restroom.fil.yml file (#467)
* Create restroom.fil.yml
* Translations for EN to FIL Issue 451 (#556). Translated files from EN to FIL #451
* config/locales/fil/: Remove tumblr. See #592 and #593
* Updated filipino translations
* switched sass-rails gem (#595)
* switched sass-rails gem (sass-rails --> sassc-rails)
* Changed the word `restroom` to `banyo` to be more understandable to most Filipinos
* Fixed some unnoticed words that needed some changes in translation
* additional translation changes
* config/application.rb: Add 'fil' locale (Filipino). Enables translations as merged in #596
* .travis.yml: Set "dist" to "trusty" (#600). Should allow our CI tests to pass while we investigate test failures on xenial and newer.
* production.rb: Fix i18n.fallbacks deprecation warn
* config/application.rb: Add Tagalog (:tl) locale
* production.rb: I18n fallbacks for :tl --> :fil. We don't maintain separate translations for "Tagalog" and Filipino, since they are arguably the same language. However, Firefox only allows users to set "Tagalog" as preferred, and Chrome only allows users to set "Filipino" as preferred. To support both browsers, we must support both the "Tagalog" and the "Filipino" locales. (These locales use the "tl" and "fil" locale codes, respectively.)
* config/application.rb: Set default locale to "en"
* package.json: Update swagger to master with patch
* yarn.lock: Commit updated (indirect) dependencies
* yarn.lock: Update all packages
* Gemfile[.lock]: Update devise, simple_form
* yarn.lock: Upgrade swagger-ui's dependencies
* Ruby: Upgrade from 2.5.3 to 2.5.7
* Dockerfile: Work around an issue with phantomjs. When running the tests, cliver tries to check that PhantomJS's version is within a certain range, by running "phantomjs --version". The "phantomjs --version" command fails for some reason on the new ruby:2.5.7-slim Docker base image. Perhaps because the new Docker image is based on Debian 10 "Buster," whereas the old Docker image was based on Debian 9 "Stretch"? This commit's workaround allows "phantomjs --version" to work again.
* Fix Travis tests failing on distributions other than trusty (#606)
* Revert ".travis.yml: Set "dist" to "trusty" (#600)". This reverts commit ac8f6ab. Doing this to run tests on Travis to investigate why they aren't passing.
* Explicitly require locations.rb in rspec.rb. Tentative fix for tests not passing in xenial but passing in trusty. This might be because different distributions load files in a different order. In xenial, `rspec.rb` might get loaded before `locations.rb`, making `Locations` uninitialized. Explicit require fixes this.
* Dockerfile: Upgrade Node from v10.x to v12.x (#603). Node 12 "Erbium" is the newest Long Term Service release. We should either pin a version of Node in our package.json file, or stay on the latest LTS version of Node; Heroku will use the latest LTS version of Node in production if we don't have any versions pinned in our package.json
* Webpack Upgrade (#607)
* Updated webpacker gem
* Upgraded yarn packages
* Ran webpack:install process. Working without rails-erb-loader
* Added rails-erb-loader to webpack
* Fixed include PgSearch warning
* Added .dockerignore
* PR #607: Minor tweaks/cleanup
  - Adjust Gemfile[.lock] to specify webpacker within the 4.x series, rather than any version 4.0 or greater.
  - Delete some duplicate entries in the .gitignore file
* CONTRIBUTING.md: Remove the reference to "Cmd + C". The "Cmd + C" keyboard shortcut is for copying text, not quitting programs in the terminal. The proper way to quit programs in the terminal under macOS is "Ctrl + C", the same as Linux. Referring to "Cmd + C" here was based on a mistaken assumption that "Ctrl" on Windows or Linux always gets translated to "Cmd" on macOS. (In fact, some uses of "Ctrl" on Windows/Linux are preserved as-is on macOS. It's a mixed bag.) Deleting the reference to "Ctrl + C", to make the guidance clearer.
* db/schema.rb: Commit with underscores in date. The date gets underscores added automatically when running migrations on the database. Committing with the underscores so the change isn't flagged by git when no code has been changed.
* restrooms_spec.rb: Fix a test (#608). Background: The Mission Creek Cafe in San Francisco has been closed for some time. Google Maps API now resolves "Mission Creek Cafe" to a coffee shop in Washington state. Washington is too far away from our stub restroom entries; No stub restrooms are located near Washington, so no restroom results are shown on our results page for this search. The test expects to see a stub restroom entry on the results page, but does not see it, and so the test fails. --- Fix: search the Maps API for "San Francisco," not "Mission Creek Cafe" (This returns a lat/long associated with San Francisco not Washington)
* Update some dependencies, fix some deprecation warnings (#609)
* Gemfile[.lock]: Update simplecov. Fixes a deprecation warning
* restrooms_spec.rb: Use 'successful' not 'success'. Rspec's `be_success` and `.success?` are deprecated. Rspec's `be_successful` and `.successful?` are the non-deprecated versions of this check. (This fixes the associated deprecation warning)
* Gemfile.lock: Bump some dependencies. Upgraded loofah, puma, rack, and rack-cors, plus their dependencies.
* Tweak CSS a bit for narrow screens (e.g. mobile phones) (#610)
* CSS: Add some styles for narrow screens. For screen widths ~340px or narrower. (Such a narrow screen is found, for example, on the original iPhone through to the iPhone 5S and iPhone SE.)
  - Makes the "+" icon on the "Add A Restroom" button appear in a more correct-looking position.
  - Fixes the overlap of the "Refuge Restrooms" text with the "hamburger" drop-down menu button in the header/nav section.
  - Adds a class via the haml source (.nav-column) to make applying one of the style rules easier.
* CSS: No double-padding on nested `.container`s. Eliminate double-padding in cases of an [element].container immediately inside another [element].container. (Doing this only directly under the header div, just to be conservative.) The 15px + 15px = 30px of padding on both sides seemed unintentionally wide. Also, I think this looks nicer. Helps with the tight fit on mobile devices, too. (Should affect the header/nav on all pages other than the home page, aka the splash page, due to the way the pages are coded.)
* CSS: Center logo and brand name on narrow screens (#611)
* _mobile.scss: Lower logo/brand on narrow screens. Adjust the CSS "top" property to set the logo and "brand name" ("Refuge Restrooms") slightly lower within the navbar on narrow screens. This is to adjust for the navbar being responsively taller on narrower screens. "767px screen width" happens to be the responsive threshold for that height change for the navbar.
* _mobile.scss: Move 342px rules, adjust whitespace. Moved the "max 342px" rules to the bottom, so all screen-width-related style rules are in descending order of the sizes that they apply to. (For consistency). Adjusted the use of newlines in this stylesheet to be more consistent.
* Update docker config (#616)
* Dockerfile: Use better PhantomJS URL. GitHub's CDN is more reliable than BitBucket's. (This is the URL we originally used as of PR #435, which was the initial implementation of our Docker setup.)
* docker-compose.yml: Add password for PostgreSQL db. This is in response to a recent change in the PostgreSQL Docker image. Either the database must be configured to not check passwords, i.e. `POSTGRESQL_HOST_AUTH_METHOD=trust`, or a password must now be set. For explanation and context, see:
  - docker-library/postgres#658
  - docker-library/postgres#681
  - docker-library/postgres#580
  - https://discuss.circleci.com/t/postgresql-image-password-not-specified-issue/34555
* Ruby: Update from 2.5.7 to 2.5.8 (#618)
* Update Node.JS and Ruby Dependencies (#617)
* Gemfile[.lock]: Update rails to 5.2.4.2. Also update its dependencies, as required.
* Gemfile[.lock]: Update grape and grape-swagger. Also update their dependencies, as needed.
* Gemfile[.lock]: Update activeadmin
* Gemfile: Pin sprockets to "< 4". The 4.x major version upgrade requires some configuration changes. Pinning keeps the app from breaking when doing `bundle update`.
* Gemfile.lock: Update all packages
* yarn.lock: Update all packages
* Implement Google's reCAPTCHA (#566)
* Add server reCAPTCHA verification for contacts. Added a temporary secret key for testing in .env, which is loaded by the dotenv gem. In production, just put another key in the Heroku env variable settings.
* Add reCAPTCHA to contacts submission page
* Enable browser form validation by default. This gets form input validated on the client side, which gives faster feedback to the user, without the need for a custom solution. This feature is supported in all modern browsers.
* Add reCAPTCHA to restrooms page
* Make stub for reCAPTCHA verification during tests

Co-authored-by: Mikena Wood <[email protected]>
Co-authored-by: DeeDeeG <[email protected]>
Co-authored-by: Kai Middleton <[email protected]>
Co-authored-by: hkly <[email protected]>
Co-authored-by: Teagan <[email protected]>
Co-authored-by: Joe Wadcan <[email protected]>
Co-authored-by: vinzruzell <[email protected]>
Co-authored-by: hnarasaki <[email protected]>
Co-authored-by: Bryan Mark Fajutag <[email protected]>
Co-authored-by: Emily Ring <[email protected]>
Co-authored-by: Jason Chen <[email protected]>
In docker-library/postgres#658 a change was made to the postgres image to require a password by default or explicit disabling of auth. For bin/ci, disable auth to keep configs simple. Add a note reminding that doing this is highly insecure and should not be done in production.
If this is not set, it shuts down DB containers. Causes users to not be able to Deploy or to Debug the containers. Relevant PR: docker-library/postgres#658
We need to upgrade to Postgres 12 by mid-February. We can't go directly, we need to go via Postgres 10 - https://docs.cloud.service.gov.uk/deploying_services/postgresql/#upgrade-to-postgresql-10. Upgrade dmrunner to use postgres 10 so we can test locally. After pulling this commit, you will need to run `make data` to re-initialise the database. We need to add `POSTGRES_HOST_AUTH_METHOD` because the postgres docker container has changed to require it: docker-library/postgres#658
Add POSTGRES_HOST_AUTH_METHOD to bring back old behavior and be similar to MYSQL_ALLOW_EMPTY_PASSWORD, but add warning when "trust" is used since it disables all passwords. Fixes #580.