From a380674d85f465c581b0b8a5a9c2df5d8aad9cae Mon Sep 17 00:00:00 2001 From: Florian Brandes Date: Tue, 7 Feb 2023 12:23:24 +0100 Subject: [PATCH] pgadmin4: add option to enable desktop mode By default, pgadmin4 uses SERVER_MODE = True. This requires access to system directories (e.g. /var/lib/pgadmin). There is no easy way to change this mode during runtime. One has to change or add config files withing pgadmin's directory structure to change it or add a system-wide config file under `/etc/pgadmin`[1]. This isn't always easy to achive or may not be possible at all. For those usecases this implements a switch in the pgadmin4 derivation and adds a new top-level package `pgadmin4-desktopmode`. This builds in DESKTOP MODE and allows the usage of pgadmin4 without the nixOS module and without access to system-wide directories. pgadmin4 module saves the configuration to /etc/pgadmin/config_system.py pgadmin4-desktopmode tries to read that as well. This normally fails with a PermissionError, as the config file is owned by the user of the pgadmin module. With the check-system-config-dir.patch this will just throw a warning but will continue and not read the file. If we run pgadmin4-desktopmode as root (something one really shouldn't do), it can read the config file and fail, because of the wrong config for desktopmode. [1]https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html Signed-off-by: Florian Brandes --- nixos/tests/all-tests.nix | 2 +- nixos/tests/pgadmin4-standalone.nix | 43 -------------- nixos/tests/pgadmin4.nix | 57 +++++++++++++++++++ .../pgadmin/check-system-config-dir.patch | 17 ++++++ pkgs/tools/admin/pgadmin/default.nix | 22 ++++++- pkgs/top-level/all-packages.nix | 2 + 6 files changed, 98 insertions(+), 45 deletions(-) delete mode 100644 nixos/tests/pgadmin4-standalone.nix create mode 100644 nixos/tests/pgadmin4.nix create mode 100644 pkgs/tools/admin/pgadmin/check-system-config-dir.patch diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a991ce8be77a..f544a0cbb5c7 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -513,7 +513,7 @@ in { peerflix = handleTest ./peerflix.nix {}; peering-manager = handleTest ./web-apps/peering-manager.nix {}; peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; - pgadmin4-standalone = handleTest ./pgadmin4-standalone.nix {}; + pgadmin4 = handleTest ./pgadmin4.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; phosh = handleTest ./phosh.nix {}; diff --git a/nixos/tests/pgadmin4-standalone.nix b/nixos/tests/pgadmin4-standalone.nix deleted file mode 100644 index 30e22d16ddc3..000000000000 --- a/nixos/tests/pgadmin4-standalone.nix +++ /dev/null @@ -1,43 +0,0 @@ -import ./make-test-python.nix ({ pkgs, lib, ... }: -# This is separate from pgadmin4 since we don't want both running at once - -{ - name = "pgadmin4-standalone"; - meta.maintainers = with lib.maintainers; [ mkg20001 ]; - - nodes.machine = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - curl - ]; - - services.postgresql = { - enable = true; - - authentication = '' - host all all localhost trust - ''; - - ensureUsers = [ - { - name = "postgres"; - ensurePermissions = { - "DATABASE \"postgres\"" = "ALL PRIVILEGES"; - }; - } - ]; - }; - - services.pgadmin = { - enable = true; - initialEmail = "bruh@localhost.de"; - initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; - }; - }; - - testScript = '' - machine.wait_for_unit("postgresql") - machine.wait_for_unit("pgadmin") - - machine.wait_until_succeeds("curl -s localhost:5050") - ''; -}) diff --git a/nixos/tests/pgadmin4.nix b/nixos/tests/pgadmin4.nix new file mode 100644 index 000000000000..6a9ce6ceae29 --- /dev/null +++ b/nixos/tests/pgadmin4.nix @@ -0,0 +1,57 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + +{ + name = "pgadmin4"; + meta.maintainers = with lib.maintainers; [ mkg20001 gador ]; + + nodes.machine = { pkgs, ... }: { + + imports = [ ./common/user-account.nix ]; + + environment.systemPackages = with pkgs; [ + curl + pgadmin4-desktopmode + ]; + + services.postgresql = { + enable = true; + authentication = '' + host all all localhost trust + ''; + ensureUsers = [ + { + name = "postgres"; + ensurePermissions = { + "DATABASE \"postgres\"" = "ALL PRIVILEGES"; + }; + } + ]; + }; + + services.pgadmin = { + port = 5051; + enable = true; + initialEmail = "bruh@localhost.de"; + initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; + }; + }; + + testScript = '' + with subtest("Check pgadmin module"): + machine.wait_for_unit("postgresql") + machine.wait_for_unit("pgadmin") + machine.wait_until_succeeds("curl -s localhost:5051") + machine.wait_until_succeeds("curl -s localhost:5051/login | grep \"pgAdmin 4\" > /dev/null") + + # pgadmin4 module saves the configuration to /etc/pgadmin/config_system.py + # pgadmin4-desktopmode tries to read that as well. This normally fails with a PermissionError, as the config file + # is owned by the user of the pgadmin module. With the check-system-config-dir.patch this will just throw a warning + # but will continue and not read the file. + # If we run pgadmin4-desktopmode as root (something one really shouldn't do), it can read the config file and fail, + # because of the wrong config for desktopmode. + with subtest("Check pgadmin standalone desktop mode"): + machine.execute("sudo -u alice pgadmin4 >&2 &", timeout=60) + machine.wait_until_succeeds("curl -s localhost:5050") + machine.wait_until_succeeds("curl -s localhost:5050/browser/ | grep \"pgAdmin 4\" > /dev/null") + ''; +}) diff --git a/pkgs/tools/admin/pgadmin/check-system-config-dir.patch b/pkgs/tools/admin/pgadmin/check-system-config-dir.patch new file mode 100644 index 000000000000..f614bab64e6f --- /dev/null +++ b/pkgs/tools/admin/pgadmin/check-system-config-dir.patch @@ -0,0 +1,17 @@ +diff --git a/web/config.py b/web/config.py +index 4774043..5b73fd3 100644 +--- a/web/config.py ++++ b/web/config.py +@@ -884,6 +884,12 @@ if os.path.exists(system_config_dir + '/config_system.py'): + user_config_settings.update(config_system_settings) + except ImportError: + pass ++ except PermissionError: ++ print(f"Permission denied to open {str(system_config_dir + '/config_system.py')}. \n \ ++ If you are running pgadmin4-desktopmode please make sure you disable \n \ ++ the pgadmin NixOS module first. If you rely on settings in \n \ ++ {str(system_config_dir + '/config_system.py')}, please check the correct permissions.") ++ pass + + # Update settings for 'LOG_FILE', 'SQLITE_PATH', 'SESSION_DB_PATH', + # 'AZURE_CREDENTIAL_CACHE_DIR', 'KERBEROS_CCACHE_DIR', 'STORAGE_DIR' \ No newline at end of file diff --git a/pkgs/tools/admin/pgadmin/default.nix b/pkgs/tools/admin/pgadmin/default.nix index 2f85b4e3aff9..a83d96779de6 100644 --- a/pkgs/tools/admin/pgadmin/default.nix +++ b/pkgs/tools/admin/pgadmin/default.nix @@ -9,6 +9,7 @@ , fetchPypi , postgresqlTestHook , postgresql +, server-mode ? true }: let @@ -88,6 +89,8 @@ pythonPackages.buildPythonApplication rec { patches = [ # Expose setup.py for later use ./expose-setup.py.patch + # check for permission of /etc/pgadmin/config_system and don't fail + ./check-system-config-dir.patch ]; postPatch = '' @@ -105,6 +108,10 @@ pythonPackages.buildPythonApplication rec { sed 's|==|>=|g' -i requirements.txt substituteInPlace pkg/pip/setup_pip.py \ --replace "req = req.replace('psycopg2', 'psycopg2-binary')" "req = req" + ${lib.optionalString (!server-mode) '' + substituteInPlace web/config.py \ + --replace "SERVER_MODE = True" "SERVER_MODE = False" + ''} ''; preBuild = '' @@ -242,7 +249,20 @@ pythonPackages.buildPythonApplication rec { ''; meta = with lib; { - description = "Administration and development platform for PostgreSQL"; + description = "Administration and development platform for PostgreSQL${optionalString (!server-mode) ". Desktop Mode"}"; + longDescription = '' + pgAdmin 4 is designed to meet the needs of both novice and experienced Postgres users alike, + providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects. + ${if server-mode then '' + This version is build with SERVER_MODE set to True (the default). It will require access to `/var/lib/pgadmin` + and `/var/log/pgadmin`. This is the default version for the NixOS module `services.pgadmin`. + This should NOT be used in combination with the `pgadmin4-desktopmode` package as they will interfere. + '' else '' + This version is build with SERVER_MODE set to False. It will require access to `~/.pgadmin/`. This version is suitable + for single-user deployment or where access to `/var/lib/pgadmin` cannot be granted or the NixOS module cannot be used. + This should NOT be used in combination with the NixOS module `pgadmin` as they will interfere. + ''} + ''; homepage = "https://www.pgadmin.org/"; license = licenses.mit; changelog = "https://www.pgadmin.org/docs/pgadmin4/latest/release_notes_${lib.versions.major version}_${lib.versions.minor version}.html"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8afd5a0055a0..73131f79dad3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -37950,6 +37950,8 @@ with pkgs; pgadmin4 = callPackage ../tools/admin/pgadmin { }; + pgadmin4-desktopmode = callPackage ../tools/admin/pgadmin { server-mode = false; }; + pgmodeler = qt6Packages.callPackage ../applications/misc/pgmodeler { }; physlock = callPackage ../misc/screensavers/physlock { };