Bug#685043: use initdb --auth-* options in pg_createcluster

Wed, 15 Aug 2012 19:33:16 -0700 

Package: postgresql-common
Version: 134
Severity: wishlist
Tags: patch

Beginning with PostgreSQL 9.2, pg_createcluster can use the initdb
options --auth-local and --auth-host to set the initial authentication
methods in pg_hba.conf, instead of patching up the file using regular
expressions.  Currently, this saves no code, but it will help in the
future, when old versions are phased out.

=== modified file 'debian/changelog'
--- debian/changelog	2012-07-26 19:29:57 +0000
+++ debian/changelog	2012-08-15 02:04:38 +0000
@@ -1,3 +1,11 @@
+postgresql-common (134+test1) UNRELEASED; urgency=low
+
+  * pg_createcluster: For PostgreSQL >=9.2, use initdb options to set the
+    default authentication methods, instead of modifying the configuration
+    file directly.
+
+ -- Peter Eisentraut <pet...@debian.org>  Tue, 14 Aug 2012 21:58:57 -0400
+
 postgresql-common (134) unstable; urgency=low
 
   * debian/backport-ppa: Fix syntax error.

=== modified file 'pg_createcluster'
--- pg_createcluster	2012-05-15 09:19:57 +0000
+++ pg_createcluster	2012-08-15 01:58:33 +0000
@@ -45,7 +45,12 @@
 
     @initdb = ((get_program_path 'initdb', $_[0]), '-D', $datadir);
     die 'Internal error: could not determine initdb path' unless $initdb[0];
-    push @initdb, ('-A', $ident_method);
+    if ($_[0] ge '9.2') {
+	push @initdb, ('--auth-local', $peer_method);
+	push @initdb, ('--auth-host', 'md5');
+    } else {
+	push @initdb, ('-A', $ident_method);
+    }
     push @initdb, ('--encoding', $encoding) if $encoding;
     push @initdb, ('--locale', $locale) if $locale;
     push @initdb, ('--lc-collate', $lc_collate) if $lc_collate;
@@ -136,6 +141,7 @@
 # other entries. 
 # - Change default authentication for host entries to md5.
 sub setup_pg_hba {
+    my ($version) = @_;
     $user = (getpwuid $owneruid)[0];
     $fname = "$confdir/pg_hba.conf";
     $su_comment = "
@@ -161,15 +167,18 @@
 	    $search = 0;
 	}
 
-	# default authentication for Unix socket connections
-	if ($line =~ /^#?local/) {
-	    $line =~ s/trust/$peer_method/;
-	}
-
-	# default authentication for TCP connections
-	if ($line =~ /^#?host/) {
-	    $line =~ s/($ident_method|trust)/md5/;
-	}
+	if ($version lt '9.2') {
+	    # default authentication for Unix socket connections
+	    if ($line =~ /^#?local/) {
+		$line =~ s/trust/$peer_method/;
+	    }
+
+	    # default authentication for TCP connections
+	    if ($line =~ /^#?host/) {
+		$line =~ s/($ident_method|trust)/md5/;
+	    }
+	}
+
 	push @lines, $line;
     }
     close F;
@@ -342,7 +351,7 @@
 PgCommon::set_conf_value $version, $cluster, 'postgresql.conf', 'data_directory', $datadir;
 
 # add access for database superuser
-setup_pg_hba if $newcluster;
+setup_pg_hba $version if $newcluster;
 
 # configure socket directory
 if ($socketdir && ! -e $socketdir) {

Reply via email to