ROX-19980 pre-built scanner-db image

ludydoo · ludydoo · commit e0edb6732cb3 · 2023-10-27T15:37:20.000+02:00
diff --git a/image/db/rhel/Dockerfile b/image/db/rhel/Dockerfile
@@ -59,7 +59,16 @@ USER 70:70
 
 COPY --from=extracted_bundle /bundle/docker-entrypoint-initdb.d/definitions.sql.gz /docker-entrypoint-initdb.d/
 
-ENTRYPOINT ["docker-entrypoint.sh"]
+COPY scripts/custom-entrypoint.sh /usr/local/bin/
+COPY scripts/start-db.sh /usr/local/bin/
+
+RUN /usr/local/bin/start-db.sh
+USER root
+RUN rm -rf /usr/local/bin/start-db.sh && \
+    rm -rf /docker-entrypoint-initdb.d/definitions.sql
+USER 70:70
+ENV DATABASE_ALREADY_EXISTS=true
+ENTRYPOINT ["custom-entrypoint.sh"]
 
 EXPOSE 5432
 CMD ["postgres", "-c", "config_file=/etc/postgresql.conf"]
diff --git a/image/db/rhel/scripts/custom-entrypoint.sh b/image/db/rhel/scripts/custom-entrypoint.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# The postgres server has been started once during the build process in the Dockerfile.
+# Now we need to start it again, but this time with the correct password.
+# So we need to issue a command to change the password.
+
+set -e
+
+echo "Starting database..."
+POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql.conf &
+
+echo "Waiting for database to be ready..."
+while ! pg_isready -U postgres -h localhost -p 5432; do
+  sleep 1
+done
+
+echo "Changing password..."
+if [ "$POSTGRES_PASSWORD" != "postgres" ]; then
+  PGPASSWORD=postgres psql -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';"
+fi
+
+echo "Renaming postgres user if necessary..."
+if [ "$POSTGRES_USER" != "postgres" ]; then
+  PGPASSWORD="$POSTGRES_PASSWORD" psql -c "ALTER USER postgres RENAME TO $POSTGRES_USER;"
+fi
+
+echo "Stopping database..."
+pg_ctl -D /var/lib/postgresql/data/pgdata -w stop
+
+# Now we can start the database for real. But we will
+# forward any arguments to the actual entrypoint script
+echo "Starting database for real..."
+
+exec /usr/local/bin/docker-entrypoint.sh "$@"
diff --git a/image/db/rhel/scripts/docker-entrypoint.sh b/image/db/rhel/scripts/docker-entrypoint.sh
@@ -6,6 +6,10 @@
 ###
 ### [1]: https://github.com/docker-library/postgres/blob/master/12/bullseye/docker-entrypoint.sh
 
+if [ -n "$ROX_SCANNER_DB_INIT" ]; then
+  exit 0
+fi
+
 set -Eeo pipefail
 # TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
 
diff --git a/image/db/rhel/scripts/start-db.sh b/image/db/rhel/scripts/start-db.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -eu
+
+echo "Creating postgres.conf for initialization..."
+cat <<EOF > /tmp/postgres.conf
+listen_addresses = '*'
+EOF
+
+echo "Starting database..."
+POSTGRES_PASSWORD=postgres /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/tmp/postgres.conf
+
+echo "Waiting for database to stop..."
+pg_ctl -D /var/lib/postgresql/data/pgdata -w stop
+
+rm /tmp/postgres.conf
