Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container doesn't start with empty POSTGRES_PASSWORD: initdb: error: password file "/dev/fd/63" is empty #1025

Closed
stanhu opened this issue Dec 22, 2022 · 2 comments · Fixed by #1026
Closed

Container doesn't start with empty POSTGRES_PASSWORD: initdb: error: password file "/dev/fd/63" is empty #1025

stanhu opened this issue Dec 22, 2022 · 2 comments · Fixed by #1026

Comments

@stanhu
Copy link
Contributor

stanhu commented Dec 22, 2022
edited
Loading

Likely due to #1024, the container no longer starts:

$ docker run -e POSTGRES_HOST_AUTH_METHOD=trust --name postgres-test postgres:12
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
         anyone with access to the Postgres port to access your database without
         a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
         documentation about "trust":
         https://www.postgresql.org/docs/current/auth-trust.html
         In Docker's default configuration, this is effectively any other
         container on the same system.

         It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
         it with "-e POSTGRES_PASSWORD=password" instead to set a password in
         "docker run".
********************************************************************************
initdb: error: password file "/dev/fd/63" is empty
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

However, it works if POSTGRES_PASSWORD is specified.

Apparently /dev/fd/63 is the pipe: https://unix.stackexchange.com/a/156088
@stanhu
Copy link
Contributor Author

stanhu commented Dec 22, 2022

On an older image, I see initdb: warning: enabling "trust" authentication for local connections:

$ docker run -e POSTGRES_HOST_AUTH_METHOD=trust --name postgres-test 8a31769da129
********************************************************************************
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
         anyone with access to the Postgres port to access your database without
         a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
         documentation about "trust":
         https://www.postgresql.org/docs/current/auth-trust.html
         In Docker's default configuration, this is effectively any other
         container on the same system.

         It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
         it with "-e POSTGRES_PASSWORD=password" instead to set a password in
         "docker run".
********************************************************************************
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
ok


Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

waiting for server to start....2022-12-22 21:16:09.522 UTC [49] LOG:  starting PostgreSQL 12.12 (Debian 12.12-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2022-12-22 21:16:09.525 UTC [49] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-12-22 21:16:09.549 UTC [50] LOG:  database system was shut down at 2022-12-22 21:16:09 UTC
2022-12-22 21:16:09.556 UTC [49] LOG:  database system is ready to accept connections
 done
server started

@bericp1
Copy link

bericp1 commented Dec 22, 2022
edited
Loading

Yeah this is happening to us too. The reason is because echo implicitly included a newline in its output whereas printf doesn't. This line is the culprit:

7a852f4#diff-79738685a656fe6b25061bb14181442210b599f746faeaba408a2401de45038aR91

Before this commit, you could not have the env variable set and it would be fine because postgres would get a nearly empty file that just contains a \n. After this commit if you don't have it set, postgres gets an actually empty file and initdb fails.

Edit: We're working around it by setting POSTGRES_PASSWORD to a dummy value for the time being.

stanhu added a commit to stanhu/postgres that referenced this issue Dec 22, 2022
@stanhu
Add newline to POSTGRES_PASSWORD file for initdb
1ffe3ab 
docker-library#1024 converted all
`echo` calls to `printf`, but this change causes the password file
used by `initdb` to be blank rather than contain a single new line.
As a result, `initdb` will fail to start with an empty value with
the error:

```
initdb: error: password file "/dev/fd/63" is empty
```

`POSTGRES_PASSWORD` can be blank if `POSTGRES_HOST_AUTH_METHOD=trust`
is used. This change adds a newline to restore the original behavior.

Closes docker-library#1025
@stanhu stanhu mentioned this issue Dec 22, 2022
Merged
stanhu added a commit to stanhu/postgres that referenced this issue Dec 22, 2022
@stanhu
Add newline to POSTGRES_PASSWORD file for initdb
41bd7bf 
docker-library#1024 converted all
`echo` calls to `printf`, but this change causes the password file
used by `initdb` to be blank rather than contain a single newline.
As a result, `initdb` will fail to start with an empty value with
the error:

```
initdb: error: password file "/dev/fd/63" is empty
```

`POSTGRES_PASSWORD` can be blank if `POSTGRES_HOST_AUTH_METHOD=trust`
is used. This change adds a newline to restore the original behavior.

Closes docker-library#1025
@github-actions github-actions bot mentioned this issue Apr 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add newline to POSTGRES_PASSWORD file for initdb stanhu/postgres
2 participants
@bericp1 @stanhu