From 62dd28fc2a77a232cefa107b13ab228f3c357705 Mon Sep 17 00:00:00 2001
From: Julien Goux <hi@jgoux.dev>
Date: Wed, 21 May 2025 17:51:08 +0200
Subject: [PATCH 1/4] fix: sync supabase roles with $POSTGRES_PASSWORD

---
 Dockerfile-15               |  8 +++-
 docker/docker-entrypoint.sh | 83 +++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100755 docker/docker-entrypoint.sh

diff --git a/Dockerfile-15 b/Dockerfile-15
index e8dd95c72..11781df42 100644
--- a/Dockerfile-15
+++ b/Dockerfile-15
@@ -181,6 +181,10 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \    
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
+    # Remove supabase_admin line from pg_hba.conf
+    sed -i '/local all  supabase_admin     scram-sha-256/d' /etc/postgresql/pg_hba.conf && \
+    # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users
+    sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map  postgres   supabase_admin\nsupabase_map  root       supabase_admin\nsupabase_map  ubuntu     supabase_admin\n' /etc/postgresql/pg_ident.conf && \
     usermod -aG postgres wal-g && \
     mkdir -p /etc/postgresql-custom && \
     chown postgres:postgres /etc/postgresql-custom
@@ -194,7 +198,9 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
 ADD --chmod=0755 \
     https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh \
-    /usr/local/bin/
+    /usr/local/bin/upstream-docker-entrypoint.sh
+# # Add custom entrypoint script
+COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
 
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
new file mode 100755
index 000000000..28bb097e6
--- /dev/null
+++ b/docker/docker-entrypoint.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+set -Eeo pipefail
+
+source /usr/local/bin/upstream-docker-entrypoint.sh
+
+# sync $POSTGRES_PASSWORD to supabase-specific roles
+pg_sync_password() {
+  # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
+  # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
+	export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+	docker_temp_server_start "$@"
+
+	# alter the supabase_admin password
+	docker_process_sql <<-'EOSQL'
+		\set pgpass `echo "$POSTGRES_PASSWORD"`
+		ALTER USER supabase_admin WITH PASSWORD :'pgpass';
+	EOSQL
+
+	# execute the roles SQL file using docker_process_sql
+	docker_process_sql -f /docker-entrypoint-initdb.d/init-scripts/99-roles.sql
+
+	docker_temp_server_stop
+	unset PGPASSWORD
+}
+
+_main() {
+	# if first arg looks like a flag, assume we want to run postgres server
+	if [ "${1:0:1}" = '-' ]; then
+		set -- postgres "$@"
+	fi
+
+	if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
+		docker_setup_env
+		# setup data directories and permissions (when run as root)
+		docker_create_db_directories
+		if [ "$(id -u)" = '0' ]; then
+			# then restart script as postgres user
+			exec gosu postgres "$BASH_SOURCE" "$@"
+		fi
+
+		# only run initialization on an empty data directory
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			docker_verify_minimum_env
+
+			# check dir permissions to reduce likelihood of half-initialized database
+			ls /docker-entrypoint-initdb.d/ > /dev/null
+
+			docker_init_database_dir
+			pg_setup_hba_conf "$@"
+
+			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
+			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
+			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
+			docker_temp_server_start "$@"
+
+			docker_setup_db
+			docker_process_init_files /docker-entrypoint-initdb.d/*
+
+			docker_temp_server_stop
+			unset PGPASSWORD
+
+			cat <<-'EOM'
+
+				PostgreSQL init process complete; ready for start up.
+
+			EOM
+		else
+			cat <<-'EOM'
+
+				PostgreSQL Database directory appears to contain a database; Skipping initialization
+
+			EOM
+		fi
+
+		pg_sync_password "$@"
+	fi
+
+	exec "$@"
+}
+
+if ! _is_sourced; then
+	_main "$@"
+fi
\ No newline at end of file

From 67b202d7568a90956fe773c2bca823b8248dc0b7 Mon Sep 17 00:00:00 2001
From: Julien Goux <hi@jgoux.dev>
Date: Wed, 21 May 2025 18:01:43 +0200
Subject: [PATCH 2/4] add changes to pg 17 Dockerfile

---
 Dockerfile-17 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Dockerfile-17 b/Dockerfile-17
index e83a273d4..8dd7a0de4 100644
--- a/Dockerfile-17
+++ b/Dockerfile-17
@@ -181,6 +181,10 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
+    # Remove supabase_admin line from pg_hba.conf
+    sed -i '/local all  supabase_admin     scram-sha-256/d' /etc/postgresql/pg_hba.conf && \
+    # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users
+    sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map  postgres   supabase_admin\nsupabase_map  root       supabase_admin\nsupabase_map  ubuntu     supabase_admin\n' /etc/postgresql/pg_ident.conf && \
     usermod -aG postgres wal-g && \
     mkdir -p /etc/postgresql-custom && \
     chown postgres:postgres /etc/postgresql-custom
@@ -202,7 +206,9 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
 ADD --chmod=0755 \
     https://github.com/docker-library/postgres/raw/master/17/bullseye/docker-entrypoint.sh \
-    /usr/local/bin/
+    /usr/local/bin/upstream-docker-entrypoint.sh
+# # Add custom entrypoint script
+COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
 

From 28c44bbfd039d2d11a496c807103120a8931a97e Mon Sep 17 00:00:00 2001
From: Julien Goux <hi@jgoux.dev>
Date: Wed, 21 May 2025 18:04:49 +0200
Subject: [PATCH 3/4] add changes to oriole docker image

---
 Dockerfile-orioledb-17 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17
index bd36e6fd0..8b3f9c806 100644
--- a/Dockerfile-orioledb-17
+++ b/Dockerfile-orioledb-17
@@ -181,6 +181,10 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
+    # Remove supabase_admin line from pg_hba.conf
+    sed -i '/local all  supabase_admin     scram-sha-256/d' /etc/postgresql/pg_hba.conf && \
+    # Add supabase_admin mappings block to pg_ident.conf before supabase-specific users
+    sed -i '/# supabase-specific users/i\# supabase_admin user mappings\nsupabase_map  postgres   supabase_admin\nsupabase_map  root       supabase_admin\nsupabase_map  ubuntu     supabase_admin\n' /etc/postgresql/pg_ident.conf && \
     usermod -aG postgres wal-g && \
     mkdir -p /etc/postgresql-custom && \
     chown postgres:postgres /etc/postgresql-custom
@@ -207,7 +211,9 @@ RUN echo "CREATE EXTENSION orioledb;" > /docker-entrypoint-initdb.d/init-scripts
 COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
 ADD --chmod=0755 \
     https://github.com/docker-library/postgres/raw/master/17/bullseye/docker-entrypoint.sh \
-    /usr/local/bin/
+    /usr/local/bin/upstream-docker-entrypoint.sh
+# # Add custom entrypoint script
+COPY --chmod=0755 docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
 

From fcd5483ebb35ed332df14a3ca3e4caf155b10edf Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <31685197+soedirgo@users.noreply.github.com>
Date: Thu, 22 May 2025 01:30:54 +0800
Subject: [PATCH 4/4] Update docker-entrypoint.sh

---
 docker/docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 28bb097e6..02f38505a 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -80,4 +80,4 @@ _main() {
 
 if ! _is_sourced; then
 	_main "$@"
-fi
\ No newline at end of file
+fi