<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Oct 20, 2016 at 11:53 AM, Sandro Santilli <span dir="ltr"><<a href="mailto:strk@kbt.io" target="_blank">strk@kbt.io</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Thu, Oct 20, 2016 at 11:31:06AM +0200, Alessandro Pasotti wrote:<br>
> Hi,<br>
><br>
> I'm looking into adding some tests for the auth system, I've successfully<br>
> run some local tests with a properly configured postgres instance running<br>
> as unprivileged user.<br>
><br>
> The question is: given that the current travis config does not use sudo,<br>
> can we alter the system postgresql.conf and pg_hba.conf to add hostssl<br>
> connection and certificates?<br>
<br>
</span>I think you can't, with Travis/Docker (sudo:false).<br>
<span class="gmail-"><br>
> The alternative (that should work just fine) is to launch another postgres<br>
> process on an unprivileged port from the test itself, configure it to use<br>
> PKI , initdb on a temporary folder, run the test and shutdown the postgres.<br>
<br>
</span>This one should work.<br>
<br>
> Any hint?<br>
<br>
Start using docker containers for build ?<br>
<a href="https://docs.travis-ci.com/user/docker/" rel="noreferrer" target="_blank">https://docs.travis-ci.com/<wbr>user/docker/</a><br></blockquote><div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
With docker based builds you could make the test-oriented system as you need<br>
it (all deps in, multiple postgresql versions, other services, multiple<br>
configs) and run the build and the tests in such custom system.<br>
<br>
--strk;<br></blockquote><div><br></div><div>Yes, thanks I'm already using docker and Travis a lot on other projects: <a href="https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/.travis.yml#L3">https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/.travis.yml#L3</a><br><br></div><div>Sorry if my question was not clear: I want to add those test in the QGIS project master and master_2 (or whatever will it be tomorrow) branches.<br><br></div><div>The .travis file for QGIS does not allow sudo and does not use docker.<br></div><div>Of course I don't want to rewrite the travis for QGIS since it's quite fragile and I don't want to break it.<br><br></div></div>So, my question is (and I'm afraid I know the answer is no) is it possible to configure postgres to (also) use test PKI certs with the current travis configuration?<br><br></div><div class="gmail_extra">The alternative is to run another pg instance on another port and configure it to use ssl/PKI, and I know that this works because I've tested it locally but there might be other implications/problems that I've not considered.<br><br><br></div><div class="gmail_extra"><br clear="all"><br>-- <br><div class="gmail_signature">Alessandro Pasotti<br>w3: <a href="http://www.itopen.it" target="_blank">www.itopen.it</a></div>
</div></div>