From 9fcc748e66782e79571331fc7c349030fa43781d Mon Sep 17 00:00:00 2001
From: Jakub Jirutka
Date: Sat, 9 Nov 2019 22:51:43 +0100
Subject: main/pgpool: run as postgres user, not as root
---
 main/pgpool/APKBUILD | 11 ++++++++---
 main/pgpool/pgpool.initd | 3 ++-
 main/pgpool/pgpool.pre-install | 10 ++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 main/pgpool/pgpool.pre-install
diff --git a/main/pgpool/APKBUILD b/main/pgpool/APKBUILD
index 36b41666c66..f710b5d5f11 100644
--- a/main/pgpool/APKBUILD
+++ b/main/pgpool/APKBUILD
@@ -9,7 +9,9 @@ url="https://www.pgpool.net/"
 arch="all"
 license="BSD"
 makedepends="postgresql-dev linux-headers"
-install="$pkgname.post-upgrade"
+pkgusers="postgres"
+pkggroups="postgres"
+install="$pkgname.pre-install $pkgname.post-upgrade"
 subpackages="$pkgname-openrc $pkgname-doc $pkgname-static $pkgname-dev"
 source="$pkgname-$pkgver.tar.gz::https://www.pgpool.net/download.php?f=$_pkgname-$pkgver.tar.gz
 $pkgname.initd
@@ -44,10 +46,13 @@ check() {
 package() {
 make DESTDIR="$pkgdir" install
+ touch "$pkgdir"/etc/$pkgname/pool_passwd
+
 install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
 install -m644 -D "$srcdir"/$pkgname.logrotated "$pkgdir"/etc/logrotate.d/$pkgname
- install -d -m755 "$pkgdir"/var/log/$pkgname
+
+ install -d -o "$pkgusers" -g "$pkggroups" -m755 "$pkgdir"/var/log/$pkgname
 }
 doc() {
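Review bot: In package(), `touch "$pkgdir"/etc/$pkgname/pool_passwd` ships pgpool's password file with whatever owner and mode the build umask produces, normally root-owned and world-readable, so any hashes later written to it are readable by every local user. With the daemon now running as postgres, a root-owned file is also not writable by it, which matters if pgpool opens the file read-write (worth confirming). I would create it with explicit ownership and a closed mode, e.g. `install -m600 -o "$pkgusers" -g "$pkggroups" /dev/null "$pkgdir"/etc/$pkgname/pool_passwd`. The `-o "$pkgusers"` on the log directory relies on pkgusers holding exactly one name; a one-line comment saying so would help the next editor.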
@@ -63,7 +68,7 @@ doc() {
 }
 sha512sums="6e6d5cb40efd5357b5c428dedf71d7a772c23becc397d0ece86134b9d32d4911933d7d92f7e6e5fde8cf37efed74f44c4c9d1ab782994750e8d9e99e24603863 pgpool-4.1.0.tar.gz
-da8739d36cb5e5a28885d6a3a2e21dc47ba8cec218470a622ec7d82cab4137b027ae6c63f01ec3b85636fec8bdbf91525e4d854c4b1d21e74294f8a0730f1711 pgpool.initd
+71b8239b1b29e2c4a8312b300122ced1452bbe60fc7937e80172c7c5e3d6be71e5aee58f6d3d687b0e35df6ccdc27125a12ae9098f7c2d07e76b8103abca3556 pgpool.initd
 0e40a681b068ce5c7f03c342c1217b170601a507cacdf120b9a308df65f2065e6085b292a393802d1955079f7ec434a412e6d871f688ad83bc33fa34aca37cfe pgpool.confd
 c9aa2ea9484ed29cb57cdff4004fa9dd4780d73c69db3378effb2e0ecd3ae178771c6a847a28e1a9cc6492ada4321584afb92c9b592119fb11898b42191f22b1 pgpool.logrotated
 37e8314f2dab6889c35edb679906db3997c4d5eba704a7337ff82926d400f2ab780103b6a162b1effa74c0d7f8d6655b62cddd2017d3ea7a5de5f370871ab088 musl-compat.patch
diff --git a/main/pgpool/pgpool.initd b/main/pgpool/pgpool.initd
index 1881a1a5935..effd4a75f26 100644
--- a/main/pgpool/pgpool.initd
+++ b/main/pgpool/pgpool.initd
@@ -1,5 +1,6 @@
 #!/sbin/openrc-run
+: ${command_user:="postgres:postgres"}
 : ${config_file:="/etc/pgpool/pgpool.conf"}
 : ${hba_file:="/etc/pgpool/pool_hba.conf"}
 : ${key_file:="/etc/pgpool/pool_key"}
@@ -30,5 +31,5 @@ depend() {
 start_pre() {
 # pgpool creates /run/pgpool/pgpool.pid file even with --dont-detach. >_<
- checkpath -d -m 0755 /run/pgpool
+ checkpath -d -m 0750 -o "$command_user" /run/pgpool
 }
diff --git a/main/pgpool/pgpool.pre-install b/main/pgpool/pgpool.pre-install
new file mode 100644
index 00000000000..dd347062242
--- /dev/null
+++ b/main/pgpool/pgpool.pre-install
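Review bot: In pgpool.initd, start_pre() hands only /run/pgpool to "$command_user"; the other paths the script declares, in particular `key_file` (/etc/pgpool/pool_key), get no ownership or mode check. Where that key was created as root with mode 0600 while the service still ran as root, the daemon started as postgres would presumably fail to read it, and a key left group- or world-readable goes unnoticed. A guarded line before the existing checkpath would cover both cases: `[ ! -e "$key_file" ] || checkpath -f -m 0600 -o "$command_user" "$key_file"`. The rest of the script, including how command_user reaches the daemon, lies outside these hunks, so confirm that nothing there already does this.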
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Fixed GID/UID values as this users was previously included in the
+# default /etc/passwd as shipped by main/alpine-baselayout.
+
+addgroup -g 70 -S postgres 2>/dev/null
+adduser -u 70 -S -D -H -h /var/lib/postgresql -g "Postgres user" \
+ -s /bin/sh -G postgres postgres 2>/dev/null
+
+exit 0
--
cgit v1.2.3
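Review bot: Reusing the `postgres` account (UID/GID 70, home /var/lib/postgresql) means that on a host which also runs PostgreSQL the pooler gets the same file access as the database server, including whatever lives under that home directory. Dropping root is a clear gain, but a dedicated unprivileged account would keep a compromised pooler away from the database files; if sharing the account is intentional, a comment in this script saying why would document the trade-off. Separately, `2>/dev/null` together with the unconditional `exit 0` hides the case where UID 70 already belongs to a different name, after which the package installs without the user it depends on. A check such as `id -u postgres >/dev/null 2>&1 || echo "pgpool: could not create user postgres" >&2` before `exit 0` would make that visible.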