view schema/Dockerfile @ 478:3af7ca761f6a

Purge password reset role

The risk of SQL injection, and thus of privilege escalation via the metamorphic user, was not judged high enough to justify the extra role. Thus, bring the database back in line with rev. ffdb507d5b42 and re-enable password reset.
author Tom Gottfried <tom@intevation.de>
date Thu, 23 Aug 2018 16:41:44 +0200
parents 5611cf72cc92
children

# Base image: CentOS 7, referenced by its floating major-version tag.
# NOTE(review): "centos:7" is not pinned to a digest, so the content behind
# the tag can differ between builds. CentOS 7 reached end of life on
# 2024-06-30 and no longer receives security updates, so a rebuild inherits
# unpatched packages. Move to a maintained base image and pin it by digest.
FROM centos:7
# Contact address of the image author, stored as image metadata.
LABEL authors="tom.gottfried@intevation.de"

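# Install the PostgreSQL 10 server, PostGIS and pgTAP.
#
# The PGDG signing key is imported first so that yum can verify the packages
# it later pulls from the PGDG repository.
# NOTE(review): the repository-definition RPM is installed straight from a
# URL. Whether yum checks its signature depends on yum's localpkg_gpgcheck
# setting, which is not set here - confirm, or download the RPM and compare
# it against a known checksum before installing. Package versions are not
# pinned either, so rebuilds may pick up different builds.
RUN rpm --import https://yum.postgresql.org/RPM-GPG-KEY-PGDG-10 &&\
    # Add the PGDG repository for PostgreSQL 10:
    yum -q -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm &&\
    # Install PostgreSQL 10 and PostGIS
    yum -q -y install postgresql10-server &&\
    # epel-release is installed before PostGIS, presumably because some
    # PostGIS dependencies come from EPEL - keep this order.
    yum -q -y install epel-release &&\
    yum -q -y install postgis24_10 pgtap10 &&\
    # Remove yum metadata and cached packages in the same layer that created
    # them; deleting them in a later layer would not shrink the image.
    yum -q clean all &&\
    rm -rf /var/cache/yum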
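# Drop root: the remaining build steps and the container itself run as the
# postgres user.
USER postgres

# Locations of the PostgreSQL 10 binaries, the data directory and the main
# configuration file. PGDATA is also what initdb uses as the cluster
# directory, since no -D option is passed to it below.
ENV PGBIN=/usr/pgsql-10/bin/ \
    PGDATA=/var/lib/pgsql/10/data \
    PGCONF=/var/lib/pgsql/10/data/postgresql.conf

# initdb PostgreSQL 10:
RUN $PGBIN/initdb -E UTF8 2>&1 < /dev/null &&\
    # Adjust PostgreSQL configuration so that remote connections to the
    # database are possible.
    # NOTE(review): this accepts password logins for every database and every
    # role from any IPv4 address, and the server listens on all interfaces.
    # md5 is the weaker of PostgreSQL 10's password methods (scram-sha-256 is
    # available), and a "host" rule also matches connections without TLS.
    # Suitable for a local demo/test container only: otherwise narrow the
    # CIDR range and publish the port on a loopback or private address.
    echo "host all  all    0.0.0.0/0  md5" >> "$PGDATA/pg_hba.conf" &&\
    echo "listen_addresses='*'" >> "$PGCONF" &&\
    # Keep log on stderr to be able to use docker logs
    sed -i '/logging_collector/s/on/off/' "$PGCONF"
# Expose the PostgreSQL port (documentation only; it does not publish it)
EXPOSE 5432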

# Create the GEMMA role and database inside the image.
WORKDIR /opt/gemma
# SQL files and shell scripts from the build context, plus the demo data.
COPY *.sql *.sh ./
COPY demo-data ./demo-data/
# Start a temporary server, run the installer against it, then shut it down
# again so the populated cluster is what ends up in this layer.
# NOTE(review): the --metapw value (presumably the password of the
# "metamorphic" database role - confirm in install-db.sh) is a literal in
# this file. It is therefore recorded in the image history and is identical
# in every image built from it. Because pg_hba.conf accepts remote password
# logins from any address, anyone who can reach the port can authenticate
# with it. Treat the image as demo-only and change the password before
# exposing it, or supply it at build time through a BuildKit secret mount.
RUN "$PGBIN/pg_ctl" start -wo "--config_file=$PGCONF" \
    && ./install-db.sh --demo --metapw "geo2Serv" \
    && "$PGBIN/pg_ctl" stop -m smart

# Set the default command to run when starting the container.
# Exec (JSON-array) form: postgres is started directly, without a shell, so
# environment variables are not expanded here. The binary and data directory
# paths are therefore written out literally and repeat the PGBIN and PGDATA
# values; keep them in sync if those change.
CMD ["/usr/pgsql-10/bin/postgres", "-D", "/var/lib/pgsql/10/data"]