Yedidyah Bar David has uploaded a new change for review. Change subject: packaging: engine-backup: Safer password input ......................................................................
packaging: engine-backup: Safer password input Allow passing db password also interactively and using an environment variable, in addition to using a file and using a command line option. Bug-Url: https://bugzilla.redhat.com/1002401 Change-Id: Icbc497af2653417beab54a9be307332cdf69a48a Signed-off-by: Yedidyah Bar David <[email protected]> --- M packaging/bin/engine-backup.sh 1 file changed, 36 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/06/20606/1 diff --git a/packaging/bin/engine-backup.sh b/packaging/bin/engine-backup.sh index 389a4c6..469c3dc 100755 --- a/packaging/bin/engine-backup.sh +++ b/packaging/bin/engine-backup.sh @@ -64,9 +64,15 @@ --db-user=user set database user --db-passfile=file set database password - read from file --db-password=pass set database password + --db-password set database password - interactively --db-name=name set database name --db-secured set a secured connection --db-secured-validation validate host + + ENVIRONMENT VARIABLES + + OVIRT_ENGINE_DATABASE_PASSWORD + Database password as if provided by --db-password=pass option. To create a new user/database: @@ -100,7 +106,7 @@ MY_DB_HOST= MY_DB_PORT=5432 MY_DB_USER= -MY_DB_PASSWORD= +MY_DB_PASSWORD="${OVIRT_ENGINE_DATABASE_PASSWORD}" MY_DB_DATABASE= MY_DB_SECURED=False MY_DB_SECURED_VALIDATION=False @@ -152,6 +158,9 @@ ;; --db-password=*) MY_DB_PASSWORD="${v}" + ;; + --db-password) + MY_DB_PASSWORD="$(readdbpassword)" || exit 1 ;; --db-name=*) MY_DB_DATABASE="${v}" 
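Review bot: The password read from `OVIRT_ENGINE_DATABASE_PASSWORD` at the new `MY_DB_PASSWORD=` default stays in the script's environment, so every child process the script starts afterwards inherits it. Copying and then clearing it, `MY_DB_PASSWORD="${OVIRT_ENGINE_DATABASE_PASSWORD:-}"; unset OVIRT_ENGINE_DATABASE_PASSWORD`, keeps the value in a single shell variable. The `:-` also keeps the line safe if the script ever runs with `set -u`, which is not visible in this hunk. The help text added in the first hunk could also say which source wins when the variable is set together with `--db-passfile` or `--db-password`; judging by the option loop in the third hunk, the command-line forms appear to override it because they assign later.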
@@ -368,11 +377,16 @@ [ -n "${options}" ] && options="${options#&}" + local encpass="$(sed 's;\(["\$]\);\\\1;g' << __EOF__ +${MY_DB_PASSWORD} +__EOF__ +)" + MY_DB_CREDS="$(cat << __EOF__ ENGINE_DB_HOST="${MY_DB_HOST}" ENGINE_DB_PORT="${MY_DB_PORT}" ENGINE_DB_USER="${MY_DB_USER}" -ENGINE_DB_PASSWORD="$(echo ${MY_DB_PASSWORD} | sed 's;\(["\$]\);\\\1;g')" +ENGINE_DB_PASSWORD="${encpass}" ENGINE_DB_DATABASE="${MY_DB_DATABASE}" ENGINE_DB_SECURED="${MY_DB_SECURED}" ENGINE_DB_SECURED_VALIDATION="${MY_DB_SECURED_VALIDATION}" @@ -423,6 +437,26 @@ echo "${m}" } +readdbpassword() { + ( + cleanup() { + [ -n "${STTY_ORIG}" ] && stty "${STTY_ORIG}" + } + + STTY_ORIG= + trap cleanup 0 + [ -t 0 ] || die "Standard input is not a terminal" + STTY_ORIG="$(stty -g)" + stty -echo || die "Failed to disable terminal input echo" + echo -n "Enter database password: " >&2 + read dbpass + echo >&2 + cat << __EOF__ +${dbpass} +__EOF__ + ) +} + ## Main # Do this in function so we do not lose $@ -- To view, visit http://gerrit.ovirt.org/20606 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icbc497af2653417beab54a9be307332cdf69a48a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Yedidyah Bar David <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
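Review bot: `local encpass="$(sed …)"` hides a failure of `sed`, because the exit status of `local` replaces it. Declaring first and assigning afterwards, `local encpass` followed by `encpass="$(sed … )" || die "Failed to encode database password"`, would surface it. The escape set `["\$]` lists `"` and `$` but not the backtick. Whether that matters depends on how the file built from `MY_DB_CREDS` is parsed, which is outside this hunk, so a one-line comment naming the quoting rules this escaping targets would be worth adding. The enclosing function starts and ends outside the hunk.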
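Review bot: `read dbpass` in `readdbpassword` alters some passwords before they are used: without `-r` backslashes are consumed as escapes, and with the default IFS leading and trailing blanks are stripped. `IFS= read -r dbpass || die "Failed to read database password"` keeps the input verbatim and stops on end-of-file instead of continuing with an empty password. The prompt is more portable as `printf '%s' "Enter database password: " >&2` than as `echo -n`. A short comment above the function would also help, saying that the body runs in a subshell so the exit trap that restores the terminal settings stays local to it.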
