Add link to trust docs; add missing -n's to bash test

Author: yosifkit

10/alpine/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

10/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

11/alpine/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

11/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

12/alpine/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

12/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_WALDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
 		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

9.4/alpine/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
 		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }

9.4/docker-entrypoint.sh

@@ -44,7 +44,7 @@ docker_create_db_directories() {
 	chmod 775 /var/run/postgresql || :
 
 	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
-	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
 		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
@@ -74,7 +74,7 @@ docker_init_database_dir() {
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 
-	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
+	if [ -n "$POSTGRES_INITDB_XLOGDIR" ]; then
 		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
 
@@ -121,6 +121,8 @@ docker_verify_minimum_env() {
 			         This will allow anyone with access to the
 			         Postgres port to access your database without
 			         a password, even if POSTGRES_PASSWORD is set.
+			         See PostgreSQL documentation about "trust":
+			         https://www.postgresql.org/docs/12/auth-trust.html
 			         In Docker's default configuration, this is
 			         effectively any other container on the same
 			         system.
@@ -207,12 +209,14 @@ docker_setup_env() {
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_DISABLE_PASSWORDS
 pg_setup_hba_conf() {
 	local authMethod='md5'
-	if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
-		authMethod='trust'
-	fi
 
 	{
 		echo
+		if [ -n "$POSTGRES_DISABLE_PASSWORDS" ]; then
+			authMethod='trust'
+			echo '# warning trust is enabled for all connections'
+			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
+		fi
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }