Temporary workaround until kartoza/docker-postgis#129 is merged

qgis · Jun 5, 2019 · 107bf5f · 107bf5f
1 parent f198931
commit 107bf5f
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/tests/testdata/Dockerfile-postgis b/tests/testdata/Dockerfile-postgis
@@ -1,5 +1,7 @@
-FROM kartoza/postgis-11.0-2.5-1
+FROM kartoza/postgis-11.0-2.5
 
 ADD auth_system/certs_keys/localhost_ssl_cert.pem /etc/ssl/certs/localhost_ssl_cert.pem
 ADD auth_system/certs_keys/localhost_ssl_key.pem /etc/ssl/private/localhost_ssl_key.pem
 ADD auth_system/certs_keys/chains_subissuer-issuer-root_issuer2-root2.pem /etc/ssl/certs/chains_subissuer-issuer-root_issuer2-root2.pem
+
+ADD temp/setup-ssl.sh /
diff --git a/tests/testdata/temp/setup-ssl.sh b/tests/testdata/temp/setup-ssl.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+source /env-data.sh
+
+SETUP_LOCKFILE="${ROOT_CONF}/.ssl.conf.lock"
+if [ -f "${SETUP_LOCKFILE}" ]; then
+	return 0
+fi
+
+# This script will setup default SSL config
+
+# /etc/ssl/private can't be accessed from within container for some reason
+# (@andrewgodwin says it's something AUFS related)  - taken from https://github.com/orchardup/docker-postgresql/blob/master/Dockerfile
+cp -r /etc/ssl /tmp/ssl-copy/
+chmod -R 0700 /etc/ssl
+chown -R postgres /tmp/ssl-copy
+rm -r /etc/ssl
+mv /tmp/ssl-copy /etc/ssl
+
+# Needed under debian, wasnt needed under ubuntu
+mkdir -p ${PGSTAT_TMP}
+chmod 0777 ${PGSTAT_TMP}
+
+# moved from setup.sh
+echo "ssl = true" >> $CONF
+#echo "ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' " >> $CONF
+#echo "ssl_renegotiation_limit = 512MB "  >> $CONF
+echo "ssl_cert_file = '${SSL_CERT_FILE}'" >> $CONF
+echo "ssl_key_file = '${SSL_KEY_FILE}'" >> $CONF
+if [ ! -z "${SSL_CA_FILE}" ]; then
+	echo "ssl_ca_file = '${SSL_CA_FILE}'                       # (change requires restart)" >> $CONF
+fi
+#echo "ssl_crl_file = ''" >> $CONF
+
+# Put lock file to make sure conf was not reinitialized
+touch ${SETUP_LOCKFILE}