From 7679473acdda8ebbbb9681512a61bda5642911a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= <stephane.bidoul@gmail.com>
Date: Tue, 27 Jun 2023 16:51:33 +0200
Subject: [PATCH 1/3] Initialize a db with only the base module

---
 src/runboat/kubefiles/runboat-cleanup.sh    |  1 +
 src/runboat/kubefiles/runboat-initialize.sh | 13 ++++++++++++-
 src/runboat/kubefiles/runboat-start.sh      |  2 --
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/runboat/kubefiles/runboat-cleanup.sh b/src/runboat/kubefiles/runboat-cleanup.sh
index da9b537..03289ac 100755
--- a/src/runboat/kubefiles/runboat-cleanup.sh
+++ b/src/runboat/kubefiles/runboat-cleanup.sh
@@ -3,3 +3,4 @@
 set -ex
 
 dropdb --if-exists --force $PGDATABASE
+dropdb --if-exists --force $PGDATABASE-baseonly
diff --git a/src/runboat/kubefiles/runboat-initialize.sh b/src/runboat/kubefiles/runboat-initialize.sh
index fbee98c..8deba16 100755
--- a/src/runboat/kubefiles/runboat-initialize.sh
+++ b/src/runboat/kubefiles/runboat-initialize.sh
@@ -12,12 +12,23 @@ oca_wait_for_postgres
 
 # Drop database, in case we are reinitializing.
 dropdb --if-exists $PGDATABASE
+dropdb --if-exists $PGDATABASE-baseonly
 
 ADDONS=$(manifestoo --select-addons-dir ${ADDONS_DIR} --select-include "${INCLUDE}" --select-exclude "${EXCLUDE}" list --separator=,)
 
+# Create the baseonly database.
+unbuffer $(which odoo || which openerp-server) \
+  --data-dir=/mnt/data/odoo-data-dir \
+  --db-template=template1 \
+  -d ${PGDATABASE}-baseonly \
+  -i base \
+  --stop-after-init
+
+# Try to install all addons, but do not fail in case of error, to let the build start
+# so users can work with the 'baseonly' database.
 unbuffer $(which odoo || which openerp-server) \
   --data-dir=/mnt/data/odoo-data-dir \
   --db-template=template1 \
   -d ${PGDATABASE} \
   -i ${ADDONS:-base} \
-  --stop-after-init
+  --stop-after-init || exit 0
diff --git a/src/runboat/kubefiles/runboat-start.sh b/src/runboat/kubefiles/runboat-start.sh
index 1ec567c..8fe8825 100755
--- a/src/runboat/kubefiles/runboat-start.sh
+++ b/src/runboat/kubefiles/runboat-start.sh
@@ -35,8 +35,6 @@ oca_wait_for_postgres
 # --db_user is necessary for Odoo <= 10
 unbuffer $(which odoo || which openerp-server) \
   --data-dir=/mnt/data/odoo-data-dir \
-  --no-database-list \
-  --database ${PGDATABASE} \
   --db-filter=^${PGDATABASE} \
   --db_user=${PGUSER} \
   --smtp=localhost \

From 1b5562a8811427ad5f4691de48d00fd7d02a4f6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= <stephane.bidoul@gmail.com>
Date: Sat, 18 Nov 2023 12:35:26 +0100
Subject: [PATCH 2/3] Set random admin password

So users cannot do anything harmful with the database manager,
which is now enabled so they can select the base or full
database
---
 src/runboat/kubefiles/runboat-start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/runboat/kubefiles/runboat-start.sh b/src/runboat/kubefiles/runboat-start.sh
index 8fe8825..ef67bbd 100755
--- a/src/runboat/kubefiles/runboat-start.sh
+++ b/src/runboat/kubefiles/runboat-start.sh
@@ -14,6 +14,9 @@ fi
 # show what is installed (the venv in /opt/odoo-venv has been mounted)
 pip list
 
+# Make sure users cannot create databases.
+echo "admin_passwd=$(python3 -c 'import secrets; print(secrets.token_hex())')" >> ${ODOO_RC}
+
 # Add ADDONS_DIR to addons_path (because that oca_install_addons did,
 # but $ODOO_RC is not on a persistent volume, so it is lost when we
 # start in another container).

From 8087b4316319c2cd89c0ded9226f853fe0ed0ff0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= <stephane.bidoul@gmail.com>
Date: Sun, 19 Nov 2023 11:34:07 +0100
Subject: [PATCH 3/3] Create baseonly db only if first install failed

---
 src/runboat/kubefiles/runboat-initialize.sh | 22 ++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/runboat/kubefiles/runboat-initialize.sh b/src/runboat/kubefiles/runboat-initialize.sh
index 8deba16..43c59df 100755
--- a/src/runboat/kubefiles/runboat-initialize.sh
+++ b/src/runboat/kubefiles/runboat-initialize.sh
@@ -11,19 +11,11 @@ bash /runboat/runboat-clone-and-install.sh
 oca_wait_for_postgres
 
 # Drop database, in case we are reinitializing.
-dropdb --if-exists $PGDATABASE
-dropdb --if-exists $PGDATABASE-baseonly
+dropdb --if-exists ${PGDATABASE}
+dropdb --if-exists ${PGDATABASE}-baseonly
 
 ADDONS=$(manifestoo --select-addons-dir ${ADDONS_DIR} --select-include "${INCLUDE}" --select-exclude "${EXCLUDE}" list --separator=,)
 
-# Create the baseonly database.
-unbuffer $(which odoo || which openerp-server) \
-  --data-dir=/mnt/data/odoo-data-dir \
-  --db-template=template1 \
-  -d ${PGDATABASE}-baseonly \
-  -i base \
-  --stop-after-init
-
 # Try to install all addons, but do not fail in case of error, to let the build start
 # so users can work with the 'baseonly' database.
 unbuffer $(which odoo || which openerp-server) \
@@ -31,4 +23,12 @@ unbuffer $(which odoo || which openerp-server) \
   --db-template=template1 \
   -d ${PGDATABASE} \
   -i ${ADDONS:-base} \
-  --stop-after-init || exit 0
+  --stop-after-init || \
+# Create the baseonly database if installation failed.
+(dropdb --if-exists ${PGDATABASE} && \
+unbuffer $(which odoo || which openerp-server) \
+  --data-dir=/mnt/data/odoo-data-dir \
+  --db-template=template1 \
+  -d ${PGDATABASE}-baseonly \
+  -i base \
+  --stop-after-init)