From fd68db6cc1c3f996dcc0ee19390f433df720709d Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Thu, 11 May 2017 14:49:50 -0500
Subject: [PATCH] better handling of Postgres pg_hba.conf
---
 comanage-registry-postgres/Dockerfile | 2 +-
 .../create-pg_hba.conf.sh | 28 ++++++++++++++-----
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/comanage-registry-postgres/Dockerfile b/comanage-registry-postgres/Dockerfile
index ce28e14..5b0b5b5 100644
--- a/comanage-registry-postgres/Dockerfile
+++ b/comanage-registry-postgres/Dockerfile
@@ -40,4 +40,4 @@ ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_P
 ENTRYPOINT ["/usr/local/bin/comanage-registry-postgres-entrypoint.sh"]
-CMD ["-c", "hba_file=/etc/postgres/pg_hba.conf"]
+CMD ["postgres"]
diff --git a/comanage-registry-postgres/create-pg_hba.conf.sh b/comanage-registry-postgres/create-pg_hba.conf.sh
index f139871..84ca1da 100755
--- a/comanage-registry-postgres/create-pg_hba.conf.sh
+++ b/comanage-registry-postgres/create-pg_hba.conf.sh
@@ -21,21 +21,35 @@ set -e
-mkdir -p /etc/postgres
-
-if [ -n "$COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD" ]
+# Measure the existing pg_hba.conf file to see if it is the default.
+# The default version written will depend on whether or not passwords
+# have been injected.
+CHECKSUM=`md5sum /var/lib/postgresql/data/pg_hba.conf | awk '{print $1}'`
+if [ "$CHECKSUM" = "d3cf011ed2c2f5ff9b7664911969c0f5" ] || [ "$CHECKSUM" = "42f44484c701461a44b713b1b6c0b901" ]
 then
+ PG_HBA_DEFAULT="1"
+else
+ PG_HBA_DEFAULT="0"
+fi
+
+# If the pg_hba.conf file is the default overwrite a more restrictive
+# version.
- cat >> /etc/postgres/pg_hba.conf < /var/lib/postgresql/data/pg_hba.conf <> /etc/postgres/pg_hba.conf < /var/lib/postgresql/data/pg_hba.conf <
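Review bot: With `-c hba_file=/etc/postgres/pg_hba.conf` dropped from the `CMD` line, the server reads its client-authentication rules from the `pg_hba.conf` in the data directory, and the Dockerfile no longer shows where those rules come from. In the create-pg_hba.conf.sh hunk of this patch that file is treated as replaceable only when its MD5 equals one of two hard-coded digests; the rest of that hunk is cut off here, but its comment suggests any other content is left in place, so a base-image update that changes the default text would apparently start Postgres with the stock rules and no warning. I would add a comment above `CMD` such as `# pg_hba.conf is read from the data directory; create-pg_hba.conf.sh replaces it only when it matches a known default`, and in the script note which image version each digest was taken from and print a message to stderr when `PG_HBA_DEFAULT` ends up `"0"`.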