#!/bin/bash ### # Run DB migrations necessary to use Davical. # Will create the database on first-run, and only run necessary migrations on subsequent runs. # # Requires the following environment variables in addition to the container variables. # - ROOT_PGUSER # - ROOT_PGPASSWORD # - DAVICAL_ADMIN_PASS ### set -e if [ -z ${ROOT_PGUSER+x} ]; then echo "ROOT_PGUSER must be set" exit 1 fi if [ -z ${ROOT_PGPASSWORD+x} ]; then echo "ROOT_PGPASSWORD must be set" exit 1 fi if [ -z ${DAVICAL_ADMIN_PASS+x} ]; then echo "DAVICAL_ADMIN_PASS must be set" exit 1 fi if [ -z ${DBA_PGPASSWORD+x} ]; then DBA_PGPASSWORD=$PGPASSWORD fi if [ -z ${DAVICAL_SCHEMA+x} ]; then DAVICAL_SCHEMA=$DBA_PGUSER fi # store PG environment so it can be overridden as-needed DAVICAL_PGUSER=$PGUSER DAVICAL_PGPASSWORD=$PGPASSWORD DAVICAL_PGDATABASE=$PGDATABASE run_migrations() { echo "Running dba/update-davical-database, which should automatically apply any necessary DB migrations." /usr/share/davical/dba/update-davical-database \ --dbname $DAVICAL_PGDATABASE \ --dbuser $DBA_PGUSER \ --dbhost $PGHOST \ --dbpass $DBA_PGPASSWORD \ --appuser $DAVICAL_PGUSER \ --owner $DBA_PGUSER } export PGUSER=$ROOT_PGUSER export PGPASSWORD=$ROOT_PGPASSWORD export PGDATABASE= # Wait for PG connection retries=10 until pg_isready -q -t 3; do [[ retries -eq 0 ]] && echo "Could not connect to Postgres" && exit 1 echo "Waiting for Postgres to be available" retries=$((retries-1)) sleep 1 done # Check whether the database has already been setup, with awl tables. tables=$(psql -d $DAVICAL_PGDATABASE -c "\\dt") if echo "$tables" | grep -q "awl_db_revision"; then # The database already exists - just run any outstanding migrations run_migrations exit 0 fi echo "Database has not been created - running first-time database setup" # the rest of the commands are run as the dba superuser export PGUSER=$DBA_PGUSER export PGPASSWORD=$DBA_PGPASSWORD export PGDATABASE=$DAVICAL_PGDATABASE psql -qXAt -f /usr/share/awl/dba/awl-tables.sql psql -qXAt -f /usr/share/awl/dba/schema-management.sql psql -qXAt -f /usr/share/davical/dba/davical.sql run_migrations psql -qXAt -f /usr/share/davical/dba/base-data.sql # DAViCal only uses salted SHA1 at-best, but it's better than storing the password in plaintext! # see https://wiki.davical.org/index.php?title=Force_Admin_Password # from https://gitlab.com/davical-project/awl/-/blob/3f044e2dc8435c2eeba61a3c41ec11c820711ab3/inc/DataUpdate.php#L48-58 salted_password=$(php -r 'require "/usr/share/awl/inc/AWLUtilities.php"; echo session_salted_sha1($argv[1]);' "$DAVICAL_ADMIN_PASS") psql -qX \ -v pw="'$salted_password'" \ <