From e3a79663b2166ae1d097ac679dd18f200bdb96cb Mon Sep 17 00:00:00 2001
From: Bitnami Bot <bitnami.bot@broadcom.com>
Date: Tue, 14 Oct 2025 13:54:24 +0200
Subject: [PATCH] [bitnami/pgpool] Release 4.6.3-debian-12-r5 (#87554)

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
---
 bitnami/pgpool/4/debian-12/Dockerfile         |  4 +-
 .../rootfs/opt/bitnami/scripts/libpgpool.sh   | 39 ++++++++++++-------
 .../rootfs/opt/bitnami/scripts/pgpool-env.sh  |  2 +-
 .../opt/bitnami/scripts/pgpool/entrypoint.sh  |  2 +-
 .../opt/bitnami/scripts/pgpool/healthcheck.sh |  2 +-
 .../opt/bitnami/scripts/pgpool/postunpack.sh  |  2 +-
 .../rootfs/opt/bitnami/scripts/pgpool/run.sh  |  2 +-
 .../opt/bitnami/scripts/pgpool/setup.sh       |  6 +--
 bitnami/pgpool/README.md                      |  2 +-
 9 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/bitnami/pgpool/4/debian-12/Dockerfile b/bitnami/pgpool/4/debian-12/Dockerfile
index d7a0f7dba9ef..968573061a41 100644
--- a/bitnami/pgpool/4/debian-12/Dockerfile
+++ b/bitnami/pgpool/4/debian-12/Dockerfile
@@ -7,7 +7,7 @@ ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
 ARG TARGETARCH
 
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-10-14T09:02:33Z" \
+      org.opencontainers.image.created="2025-10-14T11:42:42Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/pgpool/README.md" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/pgpool" \
@@ -51,7 +51,7 @@ COPY rootfs /
 RUN /opt/bitnami/scripts/pgpool/postunpack.sh
 ENV APP_VERSION="4.6.3" \
     BITNAMI_APP_NAME="pgpool" \
-    IMAGE_REVISION="4" \
+    IMAGE_REVISION="5" \
     LD_LIBRARY_PATH="/opt/bitnami/common/lib:/opt/bitnami/common/lib64:$LD_LIBRARY_PATH" \
     PATH="/opt/bitnami/common/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/pgpool/bin:/opt/bitnami/common/sbin:$PATH"
 
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/libpgpool.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/libpgpool.sh
index 371e7f4651ea..c26058877f65 100644
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/libpgpool.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/libpgpool.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool library
+# Bitnami Pgpool-II library
 
 # shellcheck disable=SC1090,SC1091
 
@@ -134,11 +134,13 @@ pgpool_validate() {
     fi
 
     # Check for Authentication method
-    if ! [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(md5|scram-sha-256)$ ]]; then
-        print_validation_error "The values allowed for PGPOOL_AUTHENTICATION_METHOD: md5,scram-sha-256"
+    if ! [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(md5|scram-sha-256|trust)$ ]]; then
+        print_validation_error "The values allowed for PGPOOL_AUTHENTICATION_METHOD: md5,scram-sha-256,trust"
+    elif [[ "$PGPOOL_AUTHENTICATION_METHOD" = "trust" ]]; then
+        warn "You set 'trust' as authentication method. For safety reasons, do not use this method in production environments."
     fi
 
-    # check for required environment variables for scram-sha-256 based authentication
+    # Check for required environment variables for scram-sha-256 based authentication
     if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
         # If scram-sha-256 is enabled, pg_pool_password cannot be disabled
         if ! is_boolean_yes "$PGPOOL_ENABLE_POOL_PASSWD"; then
@@ -250,18 +252,21 @@ pgpool_healthcheck() {
 pgpool_create_pghba() {
     local all_authentication="$PGPOOL_AUTHENTICATION_METHOD"
     is_boolean_yes "$PGPOOL_ENABLE_LDAP" && all_authentication="pam pamservice=pgpool"
-    local postgres_auth_line=""
-    local sr_check_auth_line=""
+    local postgres_authentication="scram-sha-256"
+    # We avoid using 'trust' for the postgres user even if PGPOOL_AUTHENTICATION_METHOD is set to 'trust'
+    [[ "$PGPOOL_AUTHENTICATION_METHOD" = "md5" ]] && postgres_authentication="md5"
+
     info "Generating pg_hba.conf file..."
-
+    local postgres_auth_line=""
     if is_boolean_yes "$PGPOOL_ENABLE_POOL_PASSWD"; then
-        postgres_auth_line="host     all             ${PGPOOL_POSTGRES_USERNAME}       all        ${PGPOOL_AUTHENTICATION_METHOD}"
+        postgres_auth_line="host     all             ${PGPOOL_POSTGRES_USERNAME}       all        ${postgres_authentication}"
     fi
+    local sr_check_auth_line=""
     if [[ -n "$PGPOOL_SR_CHECK_USER" ]]; then
-        sr_check_auth_line="host     all             ${PGPOOL_SR_CHECK_USER}            all        ${PGPOOL_AUTHENTICATION_METHOD}"
+        sr_check_auth_line="host     all             ${PGPOOL_SR_CHECK_USER}            all        ${postgres_authentication}"
     fi
 
-    cat >>"$PGPOOL_PGHBA_FILE" <<EOF
+    cat >"$PGPOOL_PGHBA_FILE" <<EOF
 local    all             all                            trust
 EOF
 
@@ -387,9 +392,12 @@ pgpool_create_config() {
     # Authentication settings
     # ref: http://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#RUNTIME-CONFIG-AUTHENTICATION-SETTINGS
     pgpool_set_property "enable_pool_hba" "$(is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" && echo "on" || echo "off")"
-    # allow_clear_text_frontend_auth only works when enable_pool_hba is not enabled
     # ref: https://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#GUC-ALLOW-CLEAR-TEXT-FRONTEND-AUTH
-    pgpool_set_property "allow_clear_text_frontend_auth" "$(is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" && echo "off" || echo "on")"
+    if ! is_boolean_yes "$PGPOOL_ENABLE_POOL_HBA" || [[ "$PGPOOL_AUTHENTICATION_METHOD" = "trust" ]]; then
+        pgpool_set_property "allow_clear_text_frontend_auth" "on"
+    else
+        pgpool_set_property "allow_clear_text_frontend_auth" "off"
+    fi
     pgpool_set_property "pool_passwd" "$pool_passwd"
     pgpool_set_property "authentication_timeout" "30"
     # File Locations settings
@@ -470,8 +478,9 @@ pgpool_create_config() {
 pgpool_encrypt_execute() {
     local -a password_encryption_cmd=("pg_md5")
 
-    if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
-
+    # If authentication method for 'all' users is 'trust', we still use
+    # pg_enc to generate encrypted passwords for 'postgres' and 'sr_check' users
+    if [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(scram-sha-256|trust)$ ]]; then
         if is_file_writable "$PGPOOLKEYFILE"; then
             # Creating a PGPOOLKEYFILE as it is writeable
             echo "$PGPOOL_AES_KEY" > "$PGPOOLKEYFILE"
@@ -529,7 +538,7 @@ pgpool_generate_password_file() {
 pgpool_encrypt_password() {
     local -r password="${1:?missing password}"
 
-    if [[ "$PGPOOL_AUTHENTICATION_METHOD" = "scram-sha-256" ]]; then
+    if [[ "$PGPOOL_AUTHENTICATION_METHOD" =~ ^(scram-sha-256|trust)$ ]]; then
         pgpool_encrypt_execute "$password" | grep -o -E "AES.+" | tr -d '\n'
     else
         pgpool_encrypt_execute "$password" | tr -d '\n'
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool-env.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool-env.sh
index 2abc98cd3d1b..b868fe5e38fe 100644
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool-env.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool-env.sh
@@ -134,7 +134,7 @@ export PGPOOL_SR_CHECK_PASSWORD="${PGPOOL_SR_CHECK_PASSWORD:-}"
 export PGPOOL_SR_CHECK_DATABASE="${PGPOOL_SR_CHECK_DATABASE:-postgres}"
 export PGPOOL_SR_CHECK_PERIOD="${PGPOOL_SR_CHECK_PERIOD:-30}"
 export PGPOOL_HEALTH_CHECK_USER="${PGPOOL_HEALTH_CHECK_USER:-$PGPOOL_SR_CHECK_USER}"
-export PGPOOL_HEALTH_CHECK_PASSWORD="${PGPOOL_HEALTH_CHECK_PASSWORD:-}"
+export PGPOOL_HEALTH_CHECK_PASSWORD="${PGPOOL_HEALTH_CHECK_PASSWORD:-$PGPOOL_SR_CHECK_PASSWORD}"
 export PGPOOL_ADMIN_USERNAME="${PGPOOL_ADMIN_USERNAME:-}"
 export PGPOOL_ADMIN_PASSWORD="${PGPOOL_ADMIN_PASSWORD:-}"
 export PGPOOL_POSTGRES_USERNAME="${PGPOOL_POSTGRES_USERNAME:-postgres}"
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/entrypoint.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/entrypoint.sh
index f0a1d1c72ba7..96eaee88962d 100755
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/entrypoint.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/entrypoint.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool entrypoint
+# Bitnami Pgpool-II entrypoint
 
 # shellcheck disable=SC1091
 
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/healthcheck.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/healthcheck.sh
index 8fcd3b5555fc..753da46558e2 100755
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/healthcheck.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/healthcheck.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool healthcheck
+# Bitnami Pgpool-II healthcheck
 
 # shellcheck disable=SC1091
 
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/postunpack.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/postunpack.sh
index bdb6cfe49e31..bceb9f3b69d5 100755
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/postunpack.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/postunpack.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool postunpack
+# Bitnami Pgpool-II postunpack
 
 # shellcheck disable=SC1091
 
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/run.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/run.sh
index 46861b536728..3140c141a27f 100755
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/run.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/run.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool run
+# Bitnami Pgpool-II run
 
 # shellcheck disable=SC1091
 
diff --git a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/setup.sh b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/setup.sh
index 00661f9e02c7..32e3efcd2351 100755
--- a/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/setup.sh
+++ b/bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/pgpool/setup.sh
@@ -2,7 +2,7 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 #
-# Bitnami Pgpool setup
+# Bitnami Pgpool-II setup
 
 # shellcheck disable=SC1091
 
@@ -20,12 +20,12 @@ set -o pipefail
 # Load LDAP environment variables
 eval "$(ldap_env)"
 
-# Ensure Pgpool environment variables are valid
+# Ensure Pgpool-II environment variables are valid
 pgpool_validate
 # Ensure 'daemon' user exists when running as 'root'
 am_i_root && ensure_user_exists "$PGPOOL_DAEMON_USER" --group "$PGPOOL_DAEMON_GROUP"
 am_i_root && ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP"
-# Ensure Pgpool is initialized
+# Ensure Pgpool-II is initialized
 pgpool_initialize
 # Ensure LDAP is initialized
 is_boolean_yes "$PGPOOL_ENABLE_LDAP" && ldap_initialize
diff --git a/bitnami/pgpool/README.md b/bitnami/pgpool/README.md
index f7bda42fe609..cc8980a7bced 100644
--- a/bitnami/pgpool/README.md
+++ b/bitnami/pgpool/README.md
@@ -487,7 +487,7 @@ This command will prompt for a password, this password is the one set in the env
 | `PGPOOL_SR_CHECK_DATABASE`               | Pgpool-II Streaming Replication Check database.                                                                                    | `postgres`                          |
 | `PGPOOL_SR_CHECK_PERIOD`                 | Pgpool-II Streaming Replication Check period (in seconds).                                                                         | `30`                                |
 | `PGPOOL_HEALTH_CHECK_USER`               | Pgpool-II Health Check username.                                                                                                   | `$PGPOOL_SR_CHECK_USER`             |
-| `PGPOOL_HEALTH_CHECK_PASSWORD`           | Pgpool-II Health Check password.                                                                                                   | `nil`                               |
+| `PGPOOL_HEALTH_CHECK_PASSWORD`           | Pgpool-II Health Check password.                                                                                                   | `$PGPOOL_SR_CHECK_PASSWORD`         |
 | `PGPOOL_ADMIN_USERNAME`                  | Pgpool-II Admin username.                                                                                                          | `nil`                               |
 | `PGPOOL_ADMIN_PASSWORD`                  | Pgpool-II Admin password.                                                                                                          | `nil`                               |
 | `PGPOOL_POSTGRES_USERNAME`               | PostgreSQL backend admin username.                                                                                                 | `postgres`                          |