Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.33.0-php8.3 has problem with connection to Postgresql using pdo_pgsql driver #1457

Open
Stafox opened this issue Oct 11, 2024 · 10 comments
Open

1.33.0-php8.3 has problem with connection to Postgresql using pdo_pgsql driver #1457

Stafox opened this issue Oct 11, 2024 · 10 comments
Labels
X-Needs-Info Blocked until the reporter provides further information

Comments

@Stafox
Copy link

Stafox commented Oct 11, 2024

After update to this version I started to experience problem with connection to remote postgres databases (have tried Google Cloud SQL and Digital Ocean Managed DB).
It does not allow to establish connection due to error with certificate.

connection to server at "****" (xxx.xxx.xx.xxx), port 25060 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied.

After switching back to 1.32.1-php8.3 the error has gone.
@callahad

This comment has been minimized.

Sign in to view
@ac000

This comment has been minimized.

Sign in to view
@callahad

This comment has been minimized.

Sign in to view
@callahad
Copy link
Collaborator

callahad commented Oct 14, 2024
edited
Loading

@Stafox Looks like the base image changed from php:8.3-cli-bullseye to php:8.3-cli-bookworm when we released 1.33. At first glance, I don't see any other relevant changes between the Dockerfiles used for 1.32.1 and 1.33.0. This might be an issue with Debian?

What are the permissions on /root/, /root/.postgresql/ and /root/.postgresql.crt in each version of the image for you? How are you writing the client cert into the container?

@Stafox
Copy link
Author

Stafox commented Oct 15, 2024

This might be an issue with Debian?
not sure

the problem definetely does not connected to permissions. i have tried all possible, as well, as providing the file. no luck.

the main problem that it shoud not request the cerificate at all, in case your connection is made with sslmode=require (what is default mode)

as i mentioned, after rolling back to previous version the problem has gone

@thresheek
Copy link
Member

What docker version you're running and on what OS? What's the libseccomp version on your host OS?

Thinks kinda sorta looks like another case of docker-library/official-images#16829

@Stafox
Copy link
Author

Stafox commented Oct 15, 2024

the problem was reproduced on Ubuntu 24.04 (Docker version 27.3.1, build ce12230) and macos (Docker version 27.2.0, build 3ab4256).

dpkg -l | grep libseccomp
ii  libseccomp2:amd64               2.5.5-1ubuntu3.1                        amd64        high level interface to Linux seccomp filter

@thresheek
Copy link
Member

That's recent enough! So probably my idea was a miss.

Looking at https://gitlab.alpinelinux.org/alpine/aports/-/issues/14565 and psycopg/psycopg2#1535 it looks like it's coming up from an updated libpq library - with some ideas to try in psycopg/psycopg2#1535 (comment) and psycopg/psycopg2#1535 (comment)

@callahad
Copy link
Collaborator

@Stafox Do the workarounds mentioned above work for you?

@callahad callahad added the X-Needs-Info Blocked until the reporter provides further information label Oct 28, 2024
@Stafox
Copy link
Author

Stafox commented Oct 28, 2024
edited
Loading

@callahad Providing certificate is not an option for me at all in current setup. So, no

for now I use previous version 1.32.1 as workaround

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
X-Needs-Info Blocked until the reporter provides further information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@callahad @ac000 @Stafox @thresheek