|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# |
| 4 | +# Docker entrypoint for firebird-docker images. |
| 5 | +# |
| 6 | +# Based on works of Jacob Alberty and The PostgreSQL Development Group. |
| 7 | +# |
| 8 | + |
| 9 | +# |
| 10 | +# About the [Tabs ahead] marker: |
| 11 | +# Some sections of this file use tabs for better readability. |
| 12 | +# When using bash here strings the - option suppresses leading tabs but not spaces. |
| 13 | +# |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | +# https://linuxcommand.org/lc3_man_pages/seth.html |
| 18 | +# -E If set, the ERR trap is inherited by shell functions. |
| 19 | +# -e Exit immediately if a command exits with a non-zero status. |
| 20 | +# -u Treat unset variables as an error when substituting |
| 21 | +# -o Set the variable corresponding to option-name: |
| 22 | +# pipefail the return value of a pipeline is the status of |
| 23 | +# the last command to exit with a non-zero status, |
| 24 | +# or zero if no command exited with a non-zero status |
| 25 | +set -Eeuo pipefail |
| 26 | + |
| 27 | +# usage: read_from_file_or_env VAR [DEFAULT] |
| 28 | +# ie: read_from_file_or_env 'DB_PASSWORD' 'example' |
| 29 | +# If $(VAR)_FILE var is set, sets VAR value from file contents. Otherwise, uses DEFAULT value if VAR is not set. |
| 30 | +read_from_file_or_env() { |
| 31 | + local var="$1" |
| 32 | + local fileVar="${var}_FILE" |
| 33 | + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then |
| 34 | + # [Tabs ahead] |
| 35 | + cat >&2 <<-EOL |
| 36 | + ----- |
| 37 | + ERROR: Both $var and $fileVar are set. |
| 38 | + |
| 39 | + Variables %s and %s are mutually exclusive. Remove either one. |
| 40 | + ----- |
| 41 | + EOL |
| 42 | + exit 1 |
| 43 | + fi |
| 44 | + |
| 45 | + local def="${2:-}" |
| 46 | + local val="$def" |
| 47 | + if [ "${!var:-}" ]; then |
| 48 | + val="${!var}" |
| 49 | + elif [ "${!fileVar:-}" ]; then |
| 50 | + val="$(< "${!fileVar}")" |
| 51 | + fi |
| 52 | + |
| 53 | + export "$var"="$val" |
| 54 | + unset "$fileVar" |
| 55 | +} |
| 56 | + |
| 57 | +# usage: firebird_config_set KEY VALUE |
| 58 | +# ie: firebird_config_set 'WireCrypt' 'Enabled' |
| 59 | +# Set configuration key KEY to VALUE in 'firebird.conf' |
| 60 | +firebird_config_set() { |
| 61 | + # Uncomment line |
| 62 | + sed -i "s/^#${1}/${1}/g" /opt/firebird/firebird.conf |
| 63 | + |
| 64 | + # Set KEY to VALUE |
| 65 | + sed -i "s~^\(${1}\s*=\s*\).*$~\1${2}~" /opt/firebird/firebird.conf |
| 66 | +} |
| 67 | + |
| 68 | +# Indent multi-line string -- https://stackoverflow.com/a/29779745 |
| 69 | +indent() { |
| 70 | + sed 's/^/ /'; |
| 71 | +} |
| 72 | + |
| 73 | +# Set Firebird configuration parameters from environment variables. |
| 74 | +set_config() { |
| 75 | + read_from_file_or_env 'FIREBIRD_USE_LEGACY_AUTH' |
| 76 | + if [ "$FIREBIRD_USE_LEGACY_AUTH" == 'true' ]; then |
| 77 | + echo 'Using Legacy_Auth.' |
| 78 | + |
| 79 | + # Firebird 4+: Uses 'Srp256' before 'Srp'. |
| 80 | + local srp256='' |
| 81 | + [ "$FIREBIRD_MAJOR" -ge "4" ] && srp256='Srp256, ' |
| 82 | + |
| 83 | + # Adds Legacy_Auth and Legacy_UserManager as first options. |
| 84 | + firebird_config_set AuthServer "Legacy_Auth, ${srp256}Srp" |
| 85 | + firebird_config_set AuthClient "Legacy_Auth, ${srp256}Srp" |
| 86 | + firebird_config_set UserManager 'Legacy_UserManager, Srp' |
| 87 | + |
| 88 | + # Default setting is 'Required'. Reduces it to 'Enabled'. |
| 89 | + firebird_config_set WireCrypt 'Enabled' |
| 90 | + fi |
| 91 | + |
| 92 | + # FIREBIRD_CONF_* variables: set key in 'firebird.conf' |
| 93 | + local v |
| 94 | + for v in $(compgen -A variable | grep 'FIREBIRD_CONF_'); do |
| 95 | + local key=${v/FIREBIRD_CONF_/} |
| 96 | + firebird_config_set "$key" "${!v}" |
| 97 | + done |
| 98 | + |
| 99 | + # Output changed settings |
| 100 | + local changed_settings=$(grep -o '^[^#]*' /opt/firebird/firebird.conf) |
| 101 | + if [ -n "$changed_settings" ]; then |
| 102 | + echo "Using settings:" |
| 103 | + echo "$changed_settings" | indent |
| 104 | + fi |
| 105 | +} |
| 106 | + |
| 107 | +# Changes SYSDBA password if FIREBIRD_ROOT_PASSWORD variable is set. |
| 108 | +set_sysdba() { |
| 109 | + read_from_file_or_env 'FIREBIRD_ROOT_PASSWORD' |
| 110 | + if [ -n "$FIREBIRD_ROOT_PASSWORD" ]; then |
| 111 | + echo 'Changing SYSDBA password.' |
| 112 | + |
| 113 | + # [Tabs ahead] |
| 114 | + /opt/firebird/bin/isql -b -user SYSDBA security.db <<-EOL |
| 115 | + CREATE OR ALTER USER SYSDBA |
| 116 | + PASSWORD '$FIREBIRD_ROOT_PASSWORD' |
| 117 | + USING PLUGIN Srp; |
| 118 | + EXIT; |
| 119 | + EOL |
| 120 | + |
| 121 | + if [ "$FIREBIRD_USE_LEGACY_AUTH" == 'true' ]; then |
| 122 | + # [Tabs ahead] |
| 123 | + /opt/firebird/bin/isql -b -user SYSDBA security.db <<-EOL |
| 124 | + CREATE OR ALTER USER SYSDBA |
| 125 | + PASSWORD '$FIREBIRD_ROOT_PASSWORD' |
| 126 | + USING PLUGIN Legacy_UserManager; |
| 127 | + EXIT; |
| 128 | + EOL |
| 129 | + fi |
| 130 | + |
| 131 | + rm -rf /opt/firebird/SYSDBA.password |
| 132 | + fi |
| 133 | +} |
| 134 | + |
| 135 | +# Requires FIREBIRD_PASSWORD if FIREBIRD_USER is set. |
| 136 | +requires_user_password() { |
| 137 | + if [ -n "$FIREBIRD_USER" ] && [ -z "$FIREBIRD_PASSWORD" ]; then |
| 138 | + # [Tabs ahead] |
| 139 | + cat >&2 <<-EOL |
| 140 | + ----- |
| 141 | + ERROR: FIREBIRD_PASSWORD variable is not set. |
| 142 | + |
| 143 | + When using FIREBIRD_USER you must also set FIREBIRD_PASSWORD variable. |
| 144 | + ----- |
| 145 | + EOL |
| 146 | + exit 1 |
| 147 | + fi |
| 148 | +} |
| 149 | + |
| 150 | +# Create Firebird user. |
| 151 | +create_user() { |
| 152 | + read_from_file_or_env 'FIREBIRD_USER' |
| 153 | + read_from_file_or_env 'FIREBIRD_PASSWORD' |
| 154 | + |
| 155 | + if [ -n "$FIREBIRD_USER" ]; then |
| 156 | + requires_user_password |
| 157 | + echo "Creating user '$FIREBIRD_USER'..." |
| 158 | + |
| 159 | + # [Tabs ahead] |
| 160 | + /opt/firebird/bin/isql -b security.db <<-EOL |
| 161 | + CREATE OR ALTER USER $FIREBIRD_USER |
| 162 | + PASSWORD '$FIREBIRD_PASSWORD' |
| 163 | + GRANT ADMIN ROLE; |
| 164 | + EXIT; |
| 165 | + EOL |
| 166 | + fi |
| 167 | +} |
| 168 | + |
| 169 | +# Run isql |
| 170 | +process_sql() { |
| 171 | + local isql_command=( /opt/firebird/bin/isql -b ) |
| 172 | + |
| 173 | + if [ -n "$FIREBIRD_USER" ]; then |
| 174 | + isql_command+=( -u "$FIREBIRD_USER" -p "$FIREBIRD_PASSWORD" ) |
| 175 | + fi |
| 176 | + |
| 177 | + if [ -n "$FIREBIRD_DATABASE" ]; then |
| 178 | + isql_command+=( "$FIREBIRD_DATABASE" ) |
| 179 | + fi |
| 180 | + |
| 181 | + ${isql_command[@]} "$@" |
| 182 | +} |
| 183 | + |
| 184 | +# Execute database initialization scripts |
| 185 | +init_db() { |
| 186 | + local f |
| 187 | + for f; do |
| 188 | + case "$f" in |
| 189 | + *.sh) |
| 190 | + if [ -x "$f" ]; then |
| 191 | + # Script is executable. Run it. |
| 192 | + printf ' running %s\n' "$f" |
| 193 | + "$f" |
| 194 | + else |
| 195 | + # Script is not executable. Source it. |
| 196 | + printf ' sourcing %s\n' "$f" |
| 197 | + . "$f" |
| 198 | + fi |
| 199 | + ;; |
| 200 | + *.sql) printf ' running %s\n' "$f"; cat "$f" | process_sql; printf '\n' ;; |
| 201 | + *.sql.gz) printf ' running %s\n' "$f"; gunzip -c "$f" | process_sql; printf '\n' ;; |
| 202 | + *.sql.xz) printf ' running %s\n' "$f"; xzcat "$f" | process_sql; printf '\n' ;; |
| 203 | + *.sql.zst) printf ' running %s\n' "$f"; zstd -dc "$f" | process_sql; printf '\n' ;; |
| 204 | + *) printf ' ignoring %s\n' "$f" ;; |
| 205 | + esac |
| 206 | + printf '\n' |
| 207 | + done |
| 208 | + |
| 209 | +} |
| 210 | + |
| 211 | +# Create user database. |
| 212 | +create_db() { |
| 213 | + read_from_file_or_env 'FIREBIRD_DATABASE' |
| 214 | + if [ -n "$FIREBIRD_DATABASE" ]; then |
| 215 | + # Expand FIREBIRD_DATABASE to full path |
| 216 | + cd "$FIREBIRD_DATA" |
| 217 | + export FIREBIRD_DATABASE=$(realpath --canonicalize-missing $FIREBIRD_DATABASE) |
| 218 | + |
| 219 | + # Store it for other sessions of this instance |
| 220 | + echo "export FIREBIRD_DATABASE='$FIREBIRD_DATABASE'" > ~/.bashrc |
| 221 | + |
| 222 | + # Create database only if not exists. |
| 223 | + if [ ! -f "$FIREBIRD_DATABASE" ]; then |
| 224 | + echo "Creating database '$FIREBIRD_DATABASE'..." |
| 225 | + |
| 226 | + read_from_file_or_env 'FIREBIRD_DATABASE_PAGE_SIZE' |
| 227 | + read_from_file_or_env 'FIREBIRD_DATABASE_DEFAULT_CHARSET' |
| 228 | + |
| 229 | + local user_and_password='' |
| 230 | + [ -n "$FIREBIRD_USER" ] && user_and_password=" USER '$FIREBIRD_USER' PASSWORD '$FIREBIRD_PASSWORD'" |
| 231 | + |
| 232 | + local page_size='' |
| 233 | + [ -n "$FIREBIRD_DATABASE_PAGE_SIZE" ] && page_size="PAGE_SIZE $FIREBIRD_DATABASE_PAGE_SIZE" |
| 234 | + |
| 235 | + local default_charset='' |
| 236 | + [ -n "$FIREBIRD_DATABASE_DEFAULT_CHARSET" ] && default_charset="DEFAULT CHARACTER SET $FIREBIRD_DATABASE_DEFAULT_CHARSET" |
| 237 | + |
| 238 | + # [Tabs ahead] |
| 239 | + /opt/firebird/bin/isql -b -q <<-EOL |
| 240 | + CREATE DATABASE '$FIREBIRD_DATABASE' |
| 241 | + $user_and_password |
| 242 | + $page_size |
| 243 | + $default_charset; |
| 244 | + EXIT; |
| 245 | + EOL |
| 246 | + |
| 247 | + init_db /docker-entrypoint-initdb.d/* |
| 248 | + fi |
| 249 | + fi |
| 250 | +} |
| 251 | + |
| 252 | +sigint_handler() { |
| 253 | + echo "Stopping Firebird... [SIGINT received]" |
| 254 | +} |
| 255 | + |
| 256 | +sigterm_handler() { |
| 257 | + echo "Stopping Firebird... [SIGTERM received]" |
| 258 | +} |
| 259 | + |
| 260 | +run_daemon_and_wait() { |
| 261 | + # Traps SIGINT (handles Ctrl-C in interactive mode) |
| 262 | + trap sigint_handler SIGINT |
| 263 | + |
| 264 | + # Traps SIGTERM (polite shutdown) |
| 265 | + trap sigterm_handler SIGTERM |
| 266 | + |
| 267 | + # Firebird version |
| 268 | + echo -n 'Starting ' |
| 269 | + /opt/firebird/bin/firebird -z |
| 270 | + |
| 271 | + # Run fbguard and wait |
| 272 | + /opt/firebird/bin/fbguard & |
| 273 | + wait $! |
| 274 | +} |
| 275 | + |
| 276 | + |
| 277 | + |
| 278 | +# |
| 279 | +# main() |
| 280 | +# |
| 281 | +if [ "$1" = 'firebird' ]; then |
| 282 | + set_config |
| 283 | + set_sysdba |
| 284 | + |
| 285 | + create_user |
| 286 | + create_db |
| 287 | + |
| 288 | + run_daemon_and_wait |
| 289 | +else |
| 290 | + exec "$@" |
| 291 | +fi |
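Review bot: The isql here-documents in set_sysdba, create_user and create_db interpolate FIREBIRD_ROOT_PASSWORD, FIREBIRD_USER, FIREBIRD_PASSWORD and FIREBIRD_DATABASE straight into SQL text, so a value containing a single quote breaks the statement or changes what is executed against security.db. Double any embedded quotes before use, e.g. `local pw=${FIREBIRD_ROOT_PASSWORD//\'/\'\'}` followed by `PASSWORD '$pw'`, and reject a FIREBIRD_USER that is not a plain identifier, since it is spliced in unquoted. In process_sql the unquoted `${isql_command[@]} "$@"` re-splits the password and database path on whitespace and should be `"${isql_command[@]}" "$@"`. Passing `-p "$FIREBIRD_PASSWORD"` on argv also exposes the secret to anything that can list processes in the container, which undercuts the *_FILE secret path. The same quoting concern applies to `echo "export FIREBIRD_DATABASE='$FIREBIRD_DATABASE'" > ~/.bashrc` in create_db, which additionally overwrites the file rather than appending to it.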