From 01c8361794ea80e8cf7a5b4bdbc1bdaecb37024b Mon Sep 17 00:00:00 2001
From: Alexander Kukushkin <alexander.kukushkin@zalando.de>
Date: Thu, 24 Mar 2022 14:01:22 +0100
Subject: [PATCH] Fix different files permissions (#707)

- allow read/execute by everyone for runit run files
- change owner to root for etcd and etcdctl

In addition to that bump Timescaledb to 2.6.0 and allow custom settings of `WALE_DISABLE_S3_SSE` and `WALG_DISABLE_S3_SSE`

Close https://github.com/zalando/spilo/issues/697
Close https://github.com/zalando/spilo/issues/701
Close https://github.com/zalando/spilo/issues/704
---
 postgres-appliance/Dockerfile                 | 7 ++++---
 postgres-appliance/scripts/configure_spilo.py | 6 ++++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/postgres-appliance/Dockerfile b/postgres-appliance/Dockerfile
index b7e3c667c..5c9d7f2d4 100644
--- a/postgres-appliance/Dockerfile
+++ b/postgres-appliance/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=ubuntu:18.04
 ARG PGVERSION=14
-ARG TIMESCALEDB="1.7.5 2.3.1 2.5.2"
+ARG TIMESCALEDB="1.7.5 2.3.1 2.6.0"
 ARG DEMO=false
 ARG COMPRESS=false
 
@@ -74,7 +74,8 @@ RUN export DEBIAN_FRONTEND=noninteractive \
         # install etcdctl
         && ETCDVERSION=3.3.27 \
         && curl -L https://github.com/coreos/etcd/releases/download/v${ETCDVERSION}/etcd-v${ETCDVERSION}-linux-$(dpkg --print-architecture).tar.gz \
-                | tar xz -C /bin --strip=1 --wildcards --no-anchored etcdctl etcd; \
+                | tar xz -C /bin --strip=1 --wildcards --no-anchored etcdctl etcd \
+        && chown root:root /bin/etcd*; \
     fi \
 \
     # Cleanup all locales but en_US.UTF-8 and optionally specified in ADDITIONAL_LOCALES arg
@@ -524,7 +525,7 @@ RUN sed -i "s|/var/lib/postgresql.*|$PGHOME:/bin/bash|" /etc/passwd \
         && ln -s $RW_DIR/cron /var/spool/cron \
         && ln -s $RW_DIR/tmp /var/tmp \
         && for d in /etc/service/*; do \
-            chmod 750 $d/* \
+            chmod 755 $d/* \
             && ln -s /run/supervise/$(basename $d) $d/supervise; \
         done \
         && ln -snf $RW_DIR/service /etc/service \
diff --git a/postgres-appliance/scripts/configure_spilo.py b/postgres-appliance/scripts/configure_spilo.py
index d0e3f817b..0ddeabec9 100755
--- a/postgres-appliance/scripts/configure_spilo.py
+++ b/postgres-appliance/scripts/configure_spilo.py
@@ -799,8 +799,10 @@ def write_wale_environment(placeholders, prefix, overwrite):
                                     'but got %s', wale_endpoint)
                 if not aws_endpoint:
                     aws_endpoint = match.expand(r'\1\3') if match else wale_endpoint
-            wale.update(WALE_S3_ENDPOINT=wale_endpoint, AWS_ENDPOINT=aws_endpoint,
-                        WALG_DISABLE_S3_SSE='true', WALE_DISABLE_S3_SSE='true')
+            wale.update(WALE_S3_ENDPOINT=wale_endpoint, AWS_ENDPOINT=aws_endpoint)
+            for name in ('WALE_DISABLE_S3_SSE', 'WALG_DISABLE_S3_SSE'):
+                if not wale.get(name):
+                    wale[name] = 'true'
             wale['AWS_S3_FORCE_PATH_STYLE'] = 'true' if convention == 'path' else 'false'
             if aws_region and wale.get('USE_WALG_BACKUP') == 'true':
                 wale['AWS_REGION'] = aws_region