initial COM2 system snapshot

gitea
2026-03-06 15:22:40 +00:00
commit 9c0fa49baf
4377 changed files with 273033 additions and 0 deletions


@@ -0,0 +1,92 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT="/opt/hx-ki"
COMPOSE="/opt/hx-ki/com2-stack/docker-compose.yml"
PG_C="hxki-postgres"
MY_C="hxki-mariadb"
echo "=== COM2 · DISCOVER + VERIFY DB CREDS (one-shot, no guessing) ==="
[ -f "$COMPOSE" ] || { echo "FAIL: missing $COMPOSE"; exit 1; }
echo "[0] Start only DB containers (for verification tests)"
docker compose -f "$COMPOSE" up -d "$PG_C" "$MY_C" >/dev/null 2>&1 || true
echo "[1] Read current container ENV (ground truth candidates)"
PG_USER="$(docker inspect "$PG_C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^POSTGRES_USER=/{print $2}' | tail -n1 || true)"
PG_DB="$(docker inspect "$PG_C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^POSTGRES_DB=/{print $2}' | tail -n1 || true)"
MY_ROOT_PW_ENV="$(docker inspect "$MY_C" --format '{{range .Config.Env}}{{println .}}{{end}}' | awk -F= '/^(MARIADB_ROOT_PASSWORD|MYSQL_ROOT_PASSWORD)=/{print $2}' | tail -n1 || true)"
echo " PG_USER=${PG_USER:-<unknown>} PG_DB=${PG_DB:-<unknown>}"
echo " MY_ROOT_PW_ENV=${MY_ROOT_PW_ENV:+<set>} ${MY_ROOT_PW_ENV:+"(not shown)"}"
echo "[2] Collect password candidates from existing files (no guessing)"
# We only scan /opt/hx-ki for known keys; no invention.
mapfile -t CANDIDATES < <(
grep -RInh --binary-files=without-match -E \
'(^|[[:space:]])(POSTGRES_PASSWORD|PG_PASSWORD|DB_POSTGRESDB_PASSWORD|MARIADB_ROOT_PASSWORD|MYSQL_ROOT_PASSWORD|MAUTIC_DB_PASSWORD|MAUTIC_DB_ROOT_PASSWORD)[[:space:]]*[:=][[:space:]]*[^[:space:]]+' \
"$ROOT" 2>/dev/null \
| sed -E 's/.*[:=][[:space:]]*//' \
| sed -E "s/^['\"]//; s/['\"]$//" \
| awk 'NF' \
| sort -u
)
# Add current env passwords as candidates (if set)
if [ -n "${MY_ROOT_PW_ENV:-}" ]; then
CANDIDATES+=("$MY_ROOT_PW_ENV")
fi
# De-dup again
mapfile -t CANDIDATES < <(printf "%s\n" "${CANDIDATES[@]}" | awk 'NF' | sort -u)
echo " Found candidates: ${#CANDIDATES[@]}"
mask() { local s="$1"; local n="${#s}"; if [ "$n" -le 4 ]; then echo "****"; else echo "****${s: -4}"; fi; }
echo "[3] Verify Postgres password by REAL login test (no assumptions)"
PG_OK=""
if [ -z "${PG_USER:-}" ]; then
echo " FAIL: PG_USER not detectable from container env"
else
for pw in "${CANDIDATES[@]}"; do
# Try connecting to default DBs first; existence of PG_DB may vary.
if docker exec -e PGPASSWORD="$pw" "$PG_C" sh -lc \
"psql -U '$PG_USER' -d postgres -tAc 'SELECT 1' >/dev/null 2>&1 || psql -U '$PG_USER' -d template1 -tAc 'SELECT 1' >/dev/null 2>&1"; then
PG_OK="$pw"
echo " OK: Postgres login works with password $(mask "$pw")"
break
fi
done
[ -n "$PG_OK" ] || echo " FAIL: No candidate password could log in to Postgres as user '$PG_USER'"
fi
echo "[4] Verify MariaDB root password by REAL login test (no assumptions)"
MY_OK=""
for pw in "${CANDIDATES[@]}"; do
if docker exec "$MY_C" sh -lc "mysql -uroot -p'$pw' -e 'SELECT 1' >/dev/null 2>&1"; then
MY_OK="$pw"
echo " OK: MariaDB root login works with password $(mask "$pw")"
break
fi
done
[ -n "$MY_OK" ] || echo " FAIL: No candidate password could log in to MariaDB as root"
echo
echo "=== RESULT (verifiziert oder nicht auffindbar) ==="
if [ -n "$PG_OK" ]; then
echo "POSTGRES_USER=$PG_USER"
echo "POSTGRES_PASSWORD=<VERIFIED $(mask "$PG_OK")>"
else
echo "POSTGRES: VERIFIED PASSWORD NOT FOUND IN /opt/hx-ki SOURCES"
fi
if [ -n "$MY_OK" ]; then
echo "MYSQL_ROOT_PASSWORD=<VERIFIED $(mask "$MY_OK")>"
else
echo "MARIADB: VERIFIED ROOT PASSWORD NOT FOUND IN /opt/hx-ki SOURCES"
fi
echo
echo "If one of them is NOT found: the only deterministic path is a controlled password reset (auth bypass), because plaintext cannot be recovered from the data directories."
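Review bot: The MariaDB probe `docker exec "$MY_C" sh -lc "mysql -uroot -p'$pw' ..."` splices each scraped candidate into a shell string, so a value containing a single quote or shell metacharacters breaks the quoting and is interpreted as shell inside the container, and the password also shows up in the process list. Passing it through the environment and dropping the inner shell avoids both: `MYSQL_PWD="$pw" docker exec -e MYSQL_PWD "$MY_C" mysql -uroot -e 'SELECT 1' >/dev/null 2>&1`. The Postgres probe has the same pattern with `'$PG_USER'` and exposes the password on the host command line through `-e PGPASSWORD="$pw"`; `PGPASSWORD="$pw" docker exec -e PGPASSWORD "$PG_C" psql -U "$PG_USER" -d postgres -tAc 'SELECT 1'` would be the equivalent there. Separately, the greedy `sed -E 's/.*[:=][[:space:]]*//'` and the `awk -F= '{print $2}'` extractions truncate any value that itself contains `:` or `=`, so a valid password can be reported as not found. Since the commit is described as a system snapshot, it is worth confirming that the files this script greps for plaintext passwords under `/opt/hx-ki` are not among the committed ones.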