From 8a4e3ec25022b3aab15335fb0e5d9e0665a97ff6 Mon Sep 17 00:00:00 2001
From: Brandon Dunne
Date: Thu, 8 Dec 2022 18:25:20 -0500
Subject: [PATCH] Use /etc/pki for the server certificates

The problem with /var/lib/pgsql/data/userdata is if this is a new install, initalizing the database will fail because the userdata directory is not empty and it is expected to be empty. Since the postgres configs are always mounted on the pod we need the certs to be in a predictable location.
---
 Dockerfile | 1 +
 container-assets/pre-start.sh | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a524ea1..ebf0f06 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -82,6 +82,7 @@ RUN ARCH=$(uname -m) && \
 yum -y reinstall tzdata && \
 yum -y clean all --enablerepo='*' && \
 localedef -f UTF-8 -i en_US en_US.UTF-8 && \
+ chmod -R g+w /etc/pki/tls && \
 test "$(id postgres)" = "uid=26(postgres) gid=26(postgres) groups=26(postgres)" && \
 mkdir -p /var/lib/pgsql/data && \
 /usr/libexec/fix-permissions /var/lib/pgsql /var/run/postgresql
diff --git a/container-assets/pre-start.sh b/container-assets/pre-start.sh
index 4e79905..dd1b36f 100755
--- a/container-assets/pre-start.sh
+++ b/container-assets/pre-start.sh
@@ -3,9 +3,9 @@
 if [ ! -f /opt/app-root/src/certificates/server.key ]; then
 echo "Skipping SSL setup, key not found."
 else
-cp /opt/app-root/src/certificates/server.crt /var/lib/pgsql/data/userdata/server.crt
-cp /opt/app-root/src/certificates/server.key /var/lib/pgsql/data/userdata/server.key
+cp /opt/app-root/src/certificates/server.crt /etc/pki/tls/certs/server.crt
+cp /opt/app-root/src/certificates/server.key /etc/pki/tls/private/server.key
 # Postgresql server will reject key files with liberal permissions
-chmod og-rwx /var/lib/pgsql/data/userdata/server.key
+chmod og-rwx /etc/pki/tls/private/server.key
 fi
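Review bot: The added `chmod -R g+w /etc/pki/tls` in the RUN step makes the whole tree group-writable (typically including openssl.cnf and the certs directory that holds the CA-bundle link), while the only places the new pre-start.sh writes are `/etc/pki/tls/certs` and `/etc/pki/tls/private`. Any process running with gid 0, which appears to be the arbitrary-UID case this change is for, could then replace trust material used by every TLS client in the image rather than just the server cert and key. Narrowing the step to `chmod g+w /etc/pki/tls/certs /etc/pki/tls/private && \` keeps the copies working and leaves the rest of the tree read-only; a comment such as `# pre-start.sh installs the server cert/key here as a non-root gid-0 user` would explain why the system PKI directories are opened at all. The RUN instruction begins before the hunk.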
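Review bot: The new `cp` of server.key into /etc/pki/tls/private creates the file under the process umask and only tightens it with the `chmod og-rwx` a few lines later, and neither `cp` is checked, so a failed copy (for example a missing server.crt, which the `if` test above only performs for the key) lets the script carry on to start the server. Replacing the key copy and the chmod with `install -m 0600 /opt/app-root/src/certificates/server.key /etc/pki/tls/private/server.key || exit 1` creates the file with the restrictive mode from the start and fails loudly, and `cp /opt/app-root/src/certificates/server.crt /etc/pki/tls/certs/server.crt || exit 1` does the same for the certificate. Whether `set -e` is in effect cannot be seen here, since the script header is outside the hunk. The `ssl_cert_file`/`ssl_key_file` settings that must now point at the /etc/pki/tls paths are not part of this patch; presumably they live in the mounted PostgreSQL config the description mentions, which is worth confirming.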