From 1a5d5700d2fa6198251156ebe7e037a2084999a9 Mon Sep 17 00:00:00 2001 From: Endial Fang Date: Fri, 22 Sep 2023 08:29:19 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0=E8=84=9A=E6=9C=AC?= =?UTF-8?q?=E5=8F=98=E9=87=8F=E4=BD=BF=E7=94=A8=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- customer/usr/local/bin/common.sh | 34 +++++++++++++-------------- customer/usr/local/bin/entry.sh | 4 ++-- customer/usr/local/bin/environment.sh | 7 +++--- customer/usr/local/bin/init.sh | 5 ++-- customer/usr/local/bin/run.sh | 2 +- customer/usr/local/bin/setup.sh | 2 +- 6 files changed, 28 insertions(+), 26 deletions(-) diff --git a/customer/usr/local/bin/common.sh b/customer/usr/local/bin/common.sh index b475a8a..a6cb8d3 100644 --- a/customer/usr/local/bin/common.sh +++ b/customer/usr/local/bin/common.sh 
@@ -151,27 +151,27 @@ app_verify_minimum_env() { empty_password_error "You can not set PG_LDAP_URL and PG_LDAP_SERVER at the same time. Check your LDAP configuration." fi - if is_boolean_yes "${PG_ENABLE_TLS:-}"; then - if [[ -z "${PG_TLS_CERT_FILE:-}" ]]; then + if [[ "${PG_CFG_SSL:-off}" == "on" ]]; then + if [[ -z "${PG_CFG_ssl_cert_file:-}" ]]; then print_validation_error "You must provide a X.509 certificate in order to use TLS" - elif [[ ! -f "${PG_TLS_CERT_FILE}" ]]; then - print_validation_error "The X.509 certificate file in the specified path ${PG_TLS_CERT_FILE} does not exist" + elif [[ ! -f "${PG_CFG_ssl_cert_file}" ]]; then + print_validation_error "The X.509 certificate file in the specified path ${PG_CFG_ssl_cert_file} does not exist" fi - if [[ -z "${PG_TLS_KEY_FILE:-}" ]]; then + if [[ -z "${PG_CFG_ssl_key_file:-}" ]]; then print_validation_error "You must provide a private key in order to use TLS" - elif [[ ! -f "${PG_TLS_KEY_FILE}" ]]; then - print_validation_error "The private key file in the specified path ${PG_TLS_KEY_FILE} does not exist" + elif [[ ! -f "${PG_CFG_ssl_key_file}" ]]; then + print_validation_error "The private key file in the specified path ${PG_CFG_ssl_key_file} does not exist" fi - if [[ -z "${PG_TLS_CA_FILE:-}" ]]; then + if [[ -z "${PG_CFG_ssl_ca_file:-}" ]]; then LOG_W "A CA X.509 certificate was not provided. Client verification will not be performed in TLS connections" - elif [[ ! -f "${PG_TLS_CA_FILE}" ]]; then - print_validation_error "The CA X.509 certificate file in the specified path ${PG_TLS_CA_FILE} does not exist" + elif [[ ! -f "${PG_CFG_ssl_ca_file}" ]]; then + print_validation_error "The CA X.509 certificate file in the specified path ${PG_CFG_ssl_ca_file} does not exist" fi - if [[ -n "${PG_TLS_CRL_FILE:-}" ]] && [[ ! -f "${PG_TLS_CRL_FILE}" ]]; then - print_validation_error "The CRL file in the specified path ${PG_TLS_CRL_FILE} does not exist" + if [[ -n "${PG_CFG_ssl_crl_file:-}" ]] && [[ ! 
-f "${PG_CFG_ssl_crl_file}" ]]; then + print_validation_error "The CRL file in the specified path ${PG_CFG_ssl_crl_file} does not exist" fi - if ! is_yes_no_value "${PG_TLS_PREFER_SERVER_CIPHERS:-}"; then - print_validation_error "The values allowed for PG_TLS_PREFER_SERVER_CIPHERS are: yes or no" + if ! is_yes_no_value "${PG_CFG_ssl_prefer_server_ciphers:-}"; then + print_validation_error "The values allowed for prefer_server_ciphers are: on or off" fi fi @@ -194,7 +194,7 @@ app_disable_remote_connections() { # 以后台方式启动应用服务,并等待启动就绪 app_start_server_bg() { - LOG_I "Start ${APP_NAME} in background..." + LOG_I "Starting ${APP_NAME} in background..." # 使用 pg_ctl 命令,以服务方式启动 PostgreSQL local pg_ctl_cmd=$(command -v pg_ctl) @@ -209,7 +209,7 @@ app_start_server_bg() { # 停止应用服务 app_stop_server() { - LOG_I "Stop ${APP_NAME} background service..." + LOG_I "Stopping ${APP_NAME} background service..." # 使用 pg_ctl 命令关闭服务 local pg_ctl_cmd=$(command -v pg_ctl) @@ -394,7 +394,7 @@ pg_update_hba_conf() { pg_hba_allow_ldap_auth fi - if is_boolean_yes "${PG_ENABLE_TLS:-}" ; then + if [[ "${PG_CFG_SSL:-off}" == "on" ]]; then pg_hba_allow_tls_connection fi } diff --git a/customer/usr/local/bin/entry.sh b/customer/usr/local/bin/entry.sh index 462743c..a1a112c 100755 --- a/customer/usr/local/bin/entry.sh +++ b/customer/usr/local/bin/entry.sh @@ -1,5 +1,5 @@ #!/usr/bin/dumb-init /bin/bash -# Ver: 1.5 by Endial Fang (endial@126.com) +# Ver: 1.6 by Endial Fang (endial@126.com) # # 容器入口脚本;当前脚本执行完毕时,使用默认用户执行镜像 CMD 定义的命令(默认为'/usr/local/bin/run.sh') @@ -29,7 +29,7 @@ fi # 处理 root 用户**且**使用init.sh脚本时的初始化 if [[ "$(id -u)" == '0' ]] && [[ "$1" == "init.sh" ]]; then /usr/local/bin/setup.sh - gosu "${APP_USER}" /usr/local/bin/init.sh + exec gosu "${APP_USER}" /usr/local/bin/init.sh fi # 处理非以上情形的自定义命令 diff --git a/customer/usr/local/bin/environment.sh b/customer/usr/local/bin/environment.sh index 533786a..9525c3a 100644 --- a/customer/usr/local/bin/environment.sh 
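Review bot: The new gate `[[ "${PG_CFG_SSL:-off}" == "on" ]]` in app_verify_minimum_env matches only the exact lowercase string, so `ON`, `true`, `yes` or `1`, all of which PostgreSQL accepts as boolean spellings for `ssl`, skip every certificate and key check in this block. The same comparison in the pg_update_hba_conf hunk then also skips `pg_hba_allow_tls_connection`. If PG_CFG_SSL is copied into postgresql.conf (not visible here), the server could start with TLS on, unvalidated files and no TLS hba rules. Normalise the value first, e.g. `case "${PG_CFG_SSL,,}" in on|true|yes|1) ... ;; esac`, or reject anything other than `on`/`off` with `print_validation_error`. Separately, the last check still calls `is_yes_no_value` although its message now says `on or off`, and the `PG_CFG_ssl_*` names are lowercase while environment.sh exports `PG_CFG_*` names in uppercase; both functions start and end outside their hunks, so confirm against the full file.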
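Review bot: In the root branch of entry.sh, `/usr/local/bin/setup.sh` still runs without a status check before `exec gosu "${APP_USER}" /usr/local/bin/init.sh`. Unless `set -e` is active earlier in the script (not visible in this hunk), init.sh would run even after a failed setup; `/usr/local/bin/setup.sh || exit 1` makes the dependency explicit. The exec line also drops any arguments given after `init.sh`; if they are meant to reach the script, append `"${@:2}"`. A one-line comment stating that `exec` is what keeps control from falling through to the custom-command handling below would help the next reader.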
+++ b/customer/usr/local/bin/environment.sh @@ -1,12 +1,12 @@ #!/bin/bash -# Ver: 1.2 by Endial Fang (endial@126.com) +# Ver: 1.3 by Endial Fang (endial@126.com) # # 应用环境变量定义及初始化 export ENV_DEBUG=${ENV_DEBUG:-false} export ALLOW_ANONYMOUS="${ALLOW_ANONYMOUS:-no}" -# 通过读取变量名对应的 *_FILE 文件,获取变量值;如果对应文件存在,则通过传入参数设置的变量值会被文件中对应的值覆盖 +# 通过读取变量名对应的`*_FILE`文件,获取变量值 # 变量优先级: *_FILE > 传入变量 > 默认值 app_env_file_lists=( PG_POSTGRES_PASSWORD @@ -25,7 +25,7 @@ unset app_env_file_lists # 应用路径参数(Dockerfile 已定义:APP_NAME、APP_VER,可能定义 APP_USER、APP_EXEC) export APP_EXEC="${APP_EXEC:-${APP_NAME}}" export APP_USER="${APP_USER:-${APP_NAME}}" -export APP_GROUP="${APP_USER:-${APP_NAME}}" +export APP_GROUP="${APP_GROUP:-${APP_USER}}" export APP_HOME="${APP_HOME:-/srv/${APP_NAME}}" export APP_BASE="${APP_BASE:-/usr/local/${APP_NAME}}" @@ -116,3 +116,4 @@ export PG_CFG_HBA_FILE="${PGDATA}/pg_hba.conf" export PG_CFG_IDENT_FILE="${PGDATA}/pg_ident.conf" export PG_CFG_EXTERNAL_PID_FILE="${APP_RUN_DIR}/postgresql.pid" export PG_CFG_LOG_DIRECTORY="${APP_LOG_DIR}" + diff --git a/customer/usr/local/bin/init.sh b/customer/usr/local/bin/init.sh index 91a7563..439f3d9 100755 --- a/customer/usr/local/bin/init.sh +++ b/customer/usr/local/bin/init.sh @@ -1,7 +1,7 @@ #!/bin/bash -# Ver: 1.3 by Endial Fang (endial@126.com) +# Ver: 1.4 by Endial Fang (endial@126.com) # -# 应用初始化脚本 +# 应用初始化脚本;当前脚本使用‘gosu ${APP_USER}’方式切换至用户空间执行 # 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: # -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 @@ -13,6 +13,7 @@ set -euo pipefail LOG_I "** Processing init.sh **" #trap "app_stop_server" EXIT +# 检测最小环境变量配置 app_verify_minimum_env # 执行应用预初始化操作 diff --git a/customer/usr/local/bin/run.sh b/customer/usr/local/bin/run.sh index 2825a30..6a76a86 100755 --- a/customer/usr/local/bin/run.sh +++ b/customer/usr/local/bin/run.sh 
@@ -1,5 +1,5 @@ #!/bin/bash -# Ver: 1.6 by Endial Fang (endial@126.com) +# Ver: 1.7 by Endial Fang (endial@126.com) # # 应用启动脚本;组合默认的配置参数及容器启动时传入的 CMD 参数,启动应用 diff --git a/customer/usr/local/bin/setup.sh b/customer/usr/local/bin/setup.sh index c154a00..879c614 100755 --- a/customer/usr/local/bin/setup.sh +++ b/customer/usr/local/bin/setup.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Ver: 1.3 by Endial Fang (endial@126.com) +# Ver: 1.4 by Endial Fang (endial@126.com) # # 应用环境及依赖文件设置脚本;当前脚本以‘root’用户执行