[Qgis-developer] Add some postgresql PKI authentication tests to Travis

Thu Oct 20 03:05:17 PDT 2016

On Thu, Oct 20, 2016 at 11:53 AM, Sandro Santilli <strk at kbt.io> wrote:

> On Thu, Oct 20, 2016 at 11:31:06AM +0200, Alessandro Pasotti wrote:
> > Hi,
> >
> > I'm looking into adding some tests for the auth system, I've successfully
> > run some local tests with a properly configured postgres instance running
> > as unprivileged user.
> >
> > The question is: given that the current travis config does not use sudo,
> > can we alter the system postgresql.conf and pg_hba.conf to add hostssl
> > connection and certificates?
>
> I think you can't, with Travis/Docker (sudo:false).
>
> > The alternative (that should work just fine) is to launch another
> postgres
> > process on an unprivileged port from the test itself, configure it to use
> > PKI , initdb on a temporary folder, run the test and shutdown the
> postgres.
>
> This one should work.
>
> > Any hint?
>
> Start using docker containers for build ?
> https://docs.travis-ci.com/user/docker/
>

>
> With docker based builds you could make the test-oriented system as you
> need
> it (all deps in, multiple postgresql versions, other services, multiple
> configs) and run the build and the tests in such custom system.
>
> --strk;
>

Yes, thanks I'm already using docker and Travis a lot on other projects:
https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/.travis.yml#L3

Sorry if my question was not clear: I want to add those test in the QGIS
project master and master_2 (or whatever will it be tomorrow) branches.

The .travis file for QGIS does not allow sudo and does not use docker.
Of course I don't want to rewrite the travis for QGIS since it's quite
fragile and I don't want to break it.

So, my question is (and I'm afraid I know the answer is no) is it possible
to configure postgres to (also) use test PKI certs with the current travis
configuration?

The alternative is to run another pg instance on another port and configure
it to use ssl/PKI, and I know that this works because I've tested it
locally but there might be other implications/problems that I've not
considered.

-- 
Alessandro Pasotti
w3:   www.itopen.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20161020/c90abd73/attachment.html>