From 7c90fdb26dbb4041c858376ffd09bdec54c87210 Mon Sep 17 00:00:00 2001
From: Bitnami Bot <containers-bot@bitnami.com>
Date: Fri, 26 Jun 2020 18:52:11 +0000
Subject: [PATCH] 12.3.0-debian-10-r40 release

---
 bitnami/postgresql/12/debian-10/Dockerfile    |  8 ++---
 .../prebuildfs/opt/bitnami/scripts/libfs.sh   | 16 +++++++++
 .../opt/bitnami/scripts/libpersistence.sh     | 35 ++++++++++++++-----
 .../opt/bitnami/scripts/postgresql-env.sh     |  2 +-
 bitnami/postgresql/README.md                  |  2 +-
 5 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/bitnami/postgresql/12/debian-10/Dockerfile b/bitnami/postgresql/12/debian-10/Dockerfile
index 9ac2b5b6d57b..8143df5a16c1 100644
--- a/bitnami/postgresql/12/debian-10/Dockerfile
+++ b/bitnami/postgresql/12/debian-10/Dockerfile
@@ -8,9 +8,9 @@ ENV HOME="/" \
 
 COPY prebuildfs /
 # Install required system packages and dependencies
-RUN install_packages ca-certificates curl gzip libbsd0 libc6 libedit2 libffi6 libgcc1 libgmp10 libgnutls30 libhogweed4 libicu63 libidn2-0 libldap-2.4-2 liblzma5 libnettle6 libp11-kit0 libsasl2-2 libsqlite3-0 libssl1.1 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libuuid1 libxml2 libxslt1.1 locales procps tar zlib1g
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "postgresql" "12.3.0-5" --checksum 7bb4fb20450bac855104aeae6adbd117ab4aa0cd80ed0907931beac4855fd216
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.12.0-0" --checksum 582d501eeb6b338a24f417fededbf14295903d6be55c52d66c52e616c81bcd8c
+RUN install_packages acl ca-certificates curl gzip libbsd0 libc6 libedit2 libffi6 libgcc1 libgmp10 libgnutls30 libhogweed4 libicu63 libidn2-0 libldap-2.4-2 liblzma5 libnettle6 libp11-kit0 libsasl2-2 libsqlite3-0 libssl1.1 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libuuid1 libxml2 libxslt1.1 locales procps tar zlib1g
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "postgresql" "12.3.0-6" --checksum 1df7328a4f217ac8806b8a82663167be2ab7dedb06b2e818e88418f69fa58973
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.12.0-1" --checksum 51cfb1b7fd7b05b8abd1df0278c698103a9b1a4964bdacd87ca1d5c01631d59c
 RUN apt-get update && apt-get upgrade -y && \
     rm -r /var/lib/apt/lists /var/cache/apt/archives
 RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8
@@ -22,7 +22,7 @@ RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen
 COPY rootfs /
 RUN /opt/bitnami/scripts/postgresql/postunpack.sh
 ENV BITNAMI_APP_NAME="postgresql" \
-    BITNAMI_IMAGE_VERSION="12.3.0-debian-10-r39" \
+    BITNAMI_IMAGE_VERSION="12.3.0-debian-10-r40" \
     LANG="en_US.UTF-8" \
     LANGUAGE="en_US:en" \
     NSS_WRAPPER_LIB="/opt/bitnami/common/lib/libnss_wrapper.so" \
diff --git a/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
index c7c94c3ba988..257c4297590a 100644
--- a/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
+++ b/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
@@ -95,6 +95,22 @@ is_file_writable() {
     fi
 }
 
+########################
+# Relativize a path
+# arguments:
+#   $1 - path
+#   $2 - base
+# returns:
+#   None
+#########################
+relativize() {
+    local -r path="${1:?missing path}"
+    local -r base="${2:?missing base}"
+    pushd / >/dev/null
+    realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
+    popd >/dev/null
+}
+
 ########################
 # Configure permisions and ownership recursively
 # Globals:
diff --git a/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
index d4a0b32e1132..dce83ffca153 100644
--- a/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
+++ b/bitnami/postgresql/12/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
@@ -7,6 +7,7 @@
 
 # Load Generic Libraries
 . /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libos.sh
 . /opt/bitnami/scripts/liblog.sh
 . /opt/bitnami/scripts/libversion.sh
 
@@ -34,14 +35,29 @@ persist_app() {
         warn "No files are configured to be persisted"
         return
     fi
-    local file_to_persist_origin file_to_persist_destination file_to_persist_destination_folder
+    pushd "$install_dir" >/dev/null
+    local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
+    local -r tmp_file="/tmp/perms.acl"
     for file_to_persist in "${files_to_persist[@]}"; do
-        file_to_persist_origin="${install_dir}/${file_to_persist}"
-        file_to_persist_destination="${persist_dir}/${file_to_persist}"
+        file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
+        file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
         file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
-        mkdir -p "$file_to_persist_destination_folder"
-        cp -Lr "$file_to_persist_origin" "$file_to_persist_destination_folder"
+        # Get original permissions (except for the root directory, to avoid issues with volumes)
+        find "$file_to_persist_relative" | grep -E -v '^\.$' | xargs getfacl -R > "$tmp_file"
+        # Copy directories to the volume
+        ensure_dir_exists "$file_to_persist_destination_folder"
+        cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
+        # Restore permissions
+        pushd "$persist_dir" >/dev/null
+        if am_i_root; then
+            setfacl --restore="$tmp_file"
+        else
+            # When running as non-root, don't change ownership
+            setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
+        fi
+        popd >/dev/null
     done
+    popd >/dev/null
     # Install the persisted files into the installation directory, via symlinks
     restore_persisted_app "$@"
 }
@@ -69,11 +85,12 @@ restore_persisted_app() {
         warn "No persisted files are configured to be restored"
         return
     fi
-    local file_to_restore_origin file_to_restore_destination
+    local file_to_restore_relative file_to_restore_origin file_to_restore_destination
     for file_to_restore in "${files_to_restore[@]}"; do
-        # We use realpath to ensure that the case of '.' is covered and the directory is removed
-        file_to_restore_origin="$(realpath "${install_dir}/${file_to_restore}")"
-        file_to_restore_destination="$(realpath "${persist_dir}/${file_to_restore}")"
+        file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
+        # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
+        file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
+        file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
         rm -rf "$file_to_restore_origin"
         ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
     done
diff --git a/bitnami/postgresql/12/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh b/bitnami/postgresql/12/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh
index 4f6a155d7b88..877d7be5ca2f 100644
--- a/bitnami/postgresql/12/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh
+++ b/bitnami/postgresql/12/debian-10/rootfs/opt/bitnami/scripts/postgresql-env.sh
@@ -191,7 +191,7 @@ export POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-"${PO
 export POSTGRESQL_REPLICATION_PASSWORD="${POSTGRESQL_REPLICATION_PASSWORD:-}"
 
 export POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-"${POSTGRES_INITSCRIPTS_PASSWORD:-}"}"
-export POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-}"
+export POSTGRESQL_INITSCRIPTS_PASSWORD="${POSTGRESQL_INITSCRIPTS_PASSWORD:-$POSTGRESQL_PASSWORD}"
 
 # Internal
 export POSTGRESQL_FIRST_BOOT="yes"
diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md
index 85b1e4243c63..05511481437d 100644
--- a/bitnami/postgresql/README.md
+++ b/bitnami/postgresql/README.md
@@ -42,7 +42,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
 
 
-* [`12-debian-10`, `12.3.0-debian-10-r39`, `12`, `12.3.0` (12/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.3.0-debian-10-r39/12/debian-10/Dockerfile)
+* [`12-debian-10`, `12.3.0-debian-10-r40`, `12`, `12.3.0` (12/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.3.0-debian-10-r40/12/debian-10/Dockerfile)
 * [`11-debian-10`, `11.8.0-debian-10-r44`, `11`, `11.8.0`, `latest` (11/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.8.0-debian-10-r44/11/debian-10/Dockerfile)
 * [`10-debian-10`, `10.13.0-debian-10-r41`, `10`, `10.13.0` (10/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/10.13.0-debian-10-r41/10/debian-10/Dockerfile)
 * [`9.6-debian-10`, `9.6.18-debian-10-r42`, `9.6`, `9.6.18` (9.6/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/9.6.18-debian-10-r42/9.6/debian-10/Dockerfile)