mirror of
https://github.com/Dispatcharr/Dispatcharr.git
synced 2026-07-17 16:50:53 +00:00
fix: ensure PGSSL* environment variables are explicitly set by stripping inherited values
fix: use psycopg2.sql for safe database drop and create commands fix: Also check POSTGRES_SSL is true before skipping default POSTGRES_PASSWORD fix: update usage comment to reflect correct script path fix: improve cleanup logic to conditionally remove certificate directory
This commit is contained in:
parent
763f42cfff
commit
6f8ca243af
5 changed files with 11 additions and 7 deletions
|
|
@ -51,7 +51,9 @@ def _get_pg_env() -> dict:
|
|||
"sslcert": "PGSSLCERT",
|
||||
"sslkey": "PGSSLKEY",
|
||||
}
|
||||
# Always strip inherited PGSSL* vars first, then set only what is explicitly configured
|
||||
for opt_key, env_key in _ssl_env_map.items():
|
||||
env.pop(env_key, None)
|
||||
value = options.get(opt_key)
|
||||
if value:
|
||||
env[env_key] = value
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
import sys
|
||||
import psycopg2
|
||||
from psycopg2 import sql
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.conf import settings
|
||||
from django.db import connection
|
||||
|
|
@ -41,9 +42,9 @@ class Command(BaseCommand):
|
|||
conn.autocommit = True
|
||||
cur = conn.cursor()
|
||||
self.stdout.write(f"Dropping database '{db_name}'...")
|
||||
cur.execute(f"DROP DATABASE IF EXISTS {db_name};")
|
||||
cur.execute(sql.SQL("DROP DATABASE IF EXISTS {}").format(sql.Identifier(db_name)))
|
||||
self.stdout.write(f"Creating database '{db_name}'...")
|
||||
cur.execute(f"CREATE DATABASE {db_name};")
|
||||
cur.execute(sql.SQL("CREATE DATABASE {}").format(sql.Identifier(db_name)))
|
||||
cur.close()
|
||||
conn.close()
|
||||
self.stdout.write(self.style.SUCCESS(f"Database '{db_name}' has been dropped and recreated."))
|
||||
|
|
|
|||
|
|
@ -31,8 +31,9 @@ echo_with_timestamp() {
|
|||
export POSTGRES_DB=${POSTGRES_DB:-dispatcharr}
|
||||
export POSTGRES_USER=${POSTGRES_USER:-dispatch}
|
||||
# AIO mode: default to 'secret' for internal DB.
|
||||
# Modular mode: no default — cert-only auth (mTLS) uses no password.
|
||||
if [[ "${DISPATCHARR_ENV:-}" == "modular" ]]; then
|
||||
# Modular mode + TLS: no default — cert-only auth (mTLS) uses no password.
|
||||
# Modular mode + no TLS: preserve 'secret' default for backward compatibility.
|
||||
if [[ "${DISPATCHARR_ENV:-}" == "modular" && "${POSTGRES_SSL:-}" == "true" ]]; then
|
||||
export POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-}"
|
||||
else
|
||||
export POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-secret}"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# Usage: source this script with FIXED_KEY_PATH set to the destination.
|
||||
# FIXED_KEY_PATH="/data/.pg-client.key"
|
||||
# . /app/docker/init/fix-pg-ssl-key.sh
|
||||
# . /app/docker/init/00-fix-pg-ssl-key.sh
|
||||
#
|
||||
# After sourcing, POSTGRES_SSL_KEY is updated to the fixed path if a copy
|
||||
# was needed. The caller is responsible for propagating the new value to
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ fresh_volume() {
|
|||
}
|
||||
|
||||
cleanup_scenario() {
|
||||
if [ "$KEEP_ON_FAIL" = true ] && [ ${#ERRORS[@]} -gt 0 ]; then
|
||||
if [ "$KEEP_ON_FAIL" = true ] && [ "$FAIL" -gt "${SCENARIO_FAIL_BEFORE:-0}" ]; then
|
||||
log_info "Keeping resources for debugging (--keep-on-fail)"
|
||||
CLEANUP_ITEMS=()
|
||||
return
|
||||
|
|
@ -114,7 +114,7 @@ cleanup_scenario() {
|
|||
CLEANUP_ITEMS=()
|
||||
}
|
||||
|
||||
trap 'cleanup_scenario' EXIT
|
||||
trap 'cleanup_scenario; [ -n "$CERT_DIR" ] && rm -rf "$CERT_DIR"' EXIT
|
||||
|
||||
wait_for_ready() {
|
||||
local name="$1"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue