remote/psql

   1 #!/bin/sh -eu
   2 tool=$(readlink -e "${0%/*}/..")
   3 . "$tool"/remote/lib.sh
   4
   5 user=postgres
   6 key="$tool"/var/sec/x509/postgresql."$local_domainname"/user/"$user"/key.pem
   7
   8 read -r pass <<-EOF
   9         $(stdbuf --output 0 tr -d -c '[:alnum:]' <"${random:-/dev/urandom}" | head -c 42)
  10         EOF
  11 gpg --yes --decrypt "$key".gpg |
  12 openssl rsa -in /dev/stdin -des3 -passout fd:3 -out "$key" 3<<-EOF
  13         $pass
  14         EOF
  15
  16 PGSSLCERT="$tool"/var/pub/x509/postgresql."$local_domainname"/user/"$user"/crt.pem \
  17 PGSSLKEY="$key" \
  18 PGSSLMODE=verify-full \
  19 PGSSLROOTCERT="$tool"/var/pub/x509/postgresql."$local_domainname"/crt+ca.pem \
  20 expect -f /dev/fd/3 \
  21  psql \
  22  --host postgresql."$local_domainname" \
  23  --port 5432 \
  24  --username "$user" \
  25  "$@" 3<<-EOF
  26         spawn {*}\$argv
  27         expect {
  28          "Enter PEM pass phrase:" {
  29                         send -- "$pass\\r"
  30                         interact
  31                  }
  32          }
  33         EOF