8000 Add pgsodium getkey script using /dev/urandom and update to 2.0.1 (#126) · michelp/postgres@cc8ecd4 · GitHub
[go: up one dir, main page]
Skip to content

Commit cc8ecd4

Browse files
michelpmichelp
authored
Add pgsodium getkey script using /dev/urandom and update to 2.0.1 (supabase#126)
* update to pgsodium 2.0.0 * add urandom get key script on db init. * add urandom get key script on db init. * update to pgsodium 2.0.1
1 parent a4eec09 commit cc8ecd4

File tree

4 files changed

+21
-3
lines changed

4 files changed

+21
-3
lines changed

ansible/files/pgsodium_getkey_urandom.sh.j2

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
#!/bin/bash
2+
KEY_FILE=$PGDATA/pgsodium_root.key
3+
4+
if [ ! -f "$KEY_FILE" ]; then
5+
head -c 32 /dev/urandom | od -A n -t x1 | tr -d ' \n' > $KEY_FILE
6+
fi
7+
cat $KEY_FILE

ansible/files/postgresql_config/postgresql.conf.j2

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -719,11 +719,13 @@ default_text_search_config = 'pg_catalog.english'
719719

720720
#local_preload_libraries = ''
721721
#session_preload_libraries = ''
722-
shared_preload_libraries = 'pg_stat_statements, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, safeupdate' # (change requires restart)
722+
shared_preload_libraries = 'pg_stat_statements, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, safeupdate, pgsodium' # (change requires restart)
723723
jit_provider = 'llvmjit' # JIT library to use
724724

725725
# - Other Defaults -
726726

727+
pgsodium.getkey_script= '/usr/lib/postgresql/14/bin/pgsodium_getkey_urandom.sh'
728+
727729
#dynamic_library_path = '$libdir'
728730
#gin_fuzzy_search_limit = 0
729731

ansible/tasks/postgres-extensions/18-pgsodium.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,3 +55,12 @@
5555
target: install
5656
become: yes
5757

58+
# Add pgsodium_getkey_urandom.sh
59+
- name: import pgsodium_getkey_urandom.sh
60< 98FE span class="diff-text-marker">+
template:
61+
src: files/pgsodium_getkey_urandom.sh.j2
62+
dest: /usr/lib/postgresql/14/bin/pgsodium_getkey_urandom.sh
63+
owner: postgres
64+
group: postgres
65+
mode: 0700
66+

ansible/vars.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -91,5 +91,5 @@ vector_arm_deb: 'https://packages.timber.io/vector/0.17.0/vector-0.17.0-arm64.de
9191
libsodium_release: "1.0.18"
9292
libsodium_release_checksum: sha1:795b73e3f92a362fabee238a71735579bf46bb97
9393

94-
pgsodium_release: "2.0.0"
95-
pgsodium_release_checksum: sha1:69f9fe125d1b2e2b1e2e3394b68ade483d7c408f
94+
pgsodium_release: "2.0.1"
95+
pgsodium_release_checksum: sha1:b6ef733c9bbae590c1eee676fd0a97fd129893e0

0 commit comments

Comments
 (0)
0