Ubuntu Docker Images

Merge ~athos-ribeiro/ubuntu-docker-images/+git/postgresql:14-22.04-snakeoil into ~ubuntu-docker-images/ubuntu-docker-images/+git/postgresql:14-22.04

Proposed by Athos Ribeiro on 2022-12-16

Status:	Merged
Merged at revision:	13f58728b343e2ac3b4df6975fddaab7b8cacc64
Proposed branch:	~athos-ribeiro/ubuntu-docker-images/+git/postgresql:14-22.04-snakeoil
Merge into:	~ubuntu-docker-images/ubuntu-docker-images/+git/postgresql:14-22.04
Diff against target:	29 lines (+7/-0) 2 files modified Dockerfile (+2/-0) docker-entrypoint.sh (+5/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Sergio Durigan Junior	2022-12-16	Approve on 2022-12-16
Canonical Server Reporter	2022-12-16	Pending
Review via email: mp+434824@code.launchpad.net

Remove snakeoil build-time generated certificate and re-create it in the entrypoint when it does not exist.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2022-12-16:

Thanks, Athos.

Same nitpick regarding the commit message & using full path when invoking the binary. Otherwise, LGTM.

review: Approve

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2022-12-16:

Thanks Sergio!

Fixed the suggestions and merged.

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

People subscribed via source and target branches

to all changes:

1	diff --git a/Dockerfile b/Dockerfile
2	index b9819f5..99d87af 100644
3	--- a/Dockerfile
4	+++ b/Dockerfile
5	@@ -57,6 +57,8 @@ RUN set -eux; \
6	find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null \|\| rm -vf "$pyc"; done' -- '{}' +; \
7	# smoke test
8	gosu nobody true; \
9	+# Remove the snakeoil self-signed certificate generated by the ssl-cert package
10	+ rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key; \
11	# create manifest
12	mkdir -p /usr/share/rocks; \
13	(echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > /usr/share/rocks/dpkg.query;
14	diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
15	index 51d871b..655c3a1 100755
16	--- a/docker-entrypoint.sh
17	+++ b/docker-entrypoint.sh
18	@@ -2,6 +2,11 @@
19	set -Eeo pipefail
20	# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
21
22	+# re-create snakeoil self-signed certificate removed in the build process
23	+if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
24	+ /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1
25	+fi
26	+
27	# usage: file_env VAR [DEFAULT]
28	# ie: file_env 'XYZ_DB_PASSWORD' 'example'
29	# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of