package update

9 files changed, 318 insertions, 110 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 198f80b5256e..a1475fe7d0c7 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,35 +1,57 @@
-# Generated by makepkg 4.2.1
-# Sat Aug 29 08:44:40 UTC 2015
 pkgbase = postgresql-1c
-	pkgdesc = Custom version of PostgreSQL 9.4 for 1C system
-	pkgver = 9.4.2
-	pkgrel = 2
-	url = http://v8.1c.ru/overview/postgres_patches_notes.htm
-	install = postgresql.install
+	pkgdesc = Custom version of PostgreSQL 9.6 for 1C system
+	pkgver = 9.6.3
+	pkgrel = 1
+	url = https://www.postgresql.org/
+	changelog = postgresql-1c.changelog
 	arch = i686
 	arch = x86_64
-	license = GPL
-	makedepends = rpmextract
-	makedepends = gcc
-	makedepends = make
-	makedepends = flex
-	makedepends = bison
-	depends = libxml2
-	depends = libxslt
-	depends = icu
-	depends = openssl
-	conflicts = postgresql
-	conflicts = postgresql-libs
-	replaces = postgresql
-	replaces = postgresql-libs
-	source = http://v8.1c.ru/overview/postgresql_patches/9-4-2/postgresql94-9.4.2-1.1c.src.rpm
-	source = postgresql.conf
+	license = custom
+	makedepends = krb5
+	makedepends = libxml2
+	makedepends = python2
+	makedepends = perl
+	makedepends = tcl>=8.6.0
+	makedepends = openssl>=1.0.0
+	makedepends = pam
+	source = https://ftp.postgresql.org/pub/source/v9.6.3/postgresql-9.6.3.tar.bz2
+	source = postgresql-var-run-socket.patch
+	source = http://www.r-s-v.ru/1c-patch/1c-patch.tgz
+	source = postgresql.pam
+	source = postgresql.logrotate
 	source = postgresql.service
-	source = postgresql.install
-	md5sums = 1b673a15fed9df8ca058bb8674dfd88a
-	md5sums = 7a510b5bcd4a5acb394a5dbf4286bb41
-	md5sums = 9baf4f9dd1a5283b1577de5c4970f728
-	md5sums = febdfca7e698211aa1ecf529e9a3140c
+	source = postgresql-check-db-dir
+	sha256sums = 1645b3736901f6d854e695a937389e68ff2066ce0cde9d73919d6ab7c995b9c6
+	sha256sums = 887e567520d843f7e9f6e91820219979a4c6539d3ca6c56ebefd6d55360eddeb
+	sha256sums = 65cc43fbd76022254f31a5125deadb18e3240966dc058734d81fe602f99817d4
+	sha256sums = 57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5
+	sha256sums = 6abb842764bbed74ea4a269d24f1e73d1c0b1d8ecd6e2e6fb5fb10590298605e
+	sha256sums = c16981f70aca895d4a2adb36556213192776c1fc5bb75848a7f3211ad8d49c52
+	sha256sums = 2340da0947bcb1c5602008d0ca00588ca0bfa8aca4fa6947a8bdb2c6df800b0e
+	sha512sums = 97141972e154e6b0e756ee6a4e20f26e82022a9fd4c56305314a3a5567a79ece638e4ac3d513b46138737ae6bd27a098f30013a94767db151181aac9c01290a1
+	sha512sums = 279c119b0c177d49a22dff0e9eb047ecfca5419a2bdfbd9a5908f67dfb2467ba9cbf4eab6c5fd0f9f5d1412c44a9dd14f826a97c0a9b1b519eafdbade04b8c47
+	sha512sums = cbc1c017b7b666ee9ac1cf7826d7cb51d90408398d633055c946aa9b18f5c2f26114f8deaf6867b05bae991693bea2859f65da2632f2bc81fa5cd2a382c2be13
+	sha512sums = 1e6183ab0eb812b3ef687ac2c26ce78f7cb30540f606d20023669ac00ba04075487fb72e4dc89cc05dab0269ff6aca98fc1167cc75669c225b88b592482fbf67
+	sha512sums = 9ab4da01337ffbab8faec0e220aaa2a642dbfeccf7232ef2645bdc2177a953f17ee3cc14a4d8f8ebd064e1dae8b3dba6029adbffb8afaabea383963213941ba8
+	sha512sums = 32ae9fe9d7484f5254af3ae873d9469010581486081c92dc7c0fca6a4f763bc4f559e811b73e4eea4b2eff934f6b083aaed2e51fe517f018fc73bb1a3134232e
+	sha512sums = f12d8777ca819366eac959e023fedf2eb409aa3f358f56269e13e19185d6e9c93c1f2a6e37c8bc6465ab32a02ff83d9f196ddea3cddf24a9884be9ac6970dad2
 
 pkgname = postgresql-1c
+	pkgdesc = Custom version of PostgreSQL 9.6 for 1C system
+	install = postgresql.install
+	depends = postgresql-libs>=9.6.3
+	depends = krb5
+	depends = libxml2
+	depends = readline>=6.0
+	depends = openssl>=1.0.0
+	depends = pam
+	optdepends = python2: for PL/Python support
+	optdepends = perl: for PL/Perl support
+	optdepends = tcl: for PL/Tcl support
+	optdepends = postgresql-old-upgrade: upgrade from previous major version using pg_upgrade
+	provides = postgresql${pkgver}
+	conflicts = postgresql
+	options = staticlibs
+	backup = etc/pam.d/postgresql
+	backup = etc/logrotate.d/postgresql
 
diff --git a/PKGBUILD b/PKGBUILD
index 4bb8410ec6e6..1c7c0bd266f5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,51 +1,116 @@
-# Maintainer: Ivan Agarkov <ivan.agarkov@gmail.com>
-pkgname=postgresql-1c
-pkgver=9.4.2
-pkgrel=2
-pkgdesc="Custom version of PostgreSQL 9.4 for 1C system"
+# Maintainer: Mihail Repnenkov <mrepnenkov@gmail.com>
+# Contributor: Ivan Agarkov <ivan.agarkov@gmail.com>
+pkgname=('postgresql-1c')
+pkgver=9.6.3
+_majorver=${pkgver%.*}
+pkgrel=1
+pkgdesc="Custom version of PostgreSQL 9.6 for 1C system"
+url='https://www.postgresql.org/'
 arch=('i686' 'x86_64')
-url="http://v8.1c.ru/overview/postgres_patches_notes.htm"
-license=('Custom')
-depends=('libxml2' 'libxslt' 'icu' 'openssl')
-makedepends=('rpmextract' 'gcc' 'make' 'flex' 'bison')
-#checkdepends=()
-#optdepends=()
-#provides=()
-conflicts=('postgresql' 'postgresql-libs')
-replaces=('postgresql' 'postgresql-libs')
-source=("http://v8.1c.ru/overview/postgresql_patches/9-4-2/postgresql94-9.4.2-1.1c.src.rpm"
-"postgresql.conf" "postgresql.service" "postgresql.install")
-md5sums=('1b673a15fed9df8ca058bb8674dfd88a'
-         '7a510b5bcd4a5acb394a5dbf4286bb41'
-         '285c8d5ad993b5ec5c1383251cccf262'
-         'febdfca7e698211aa1ecf529e9a3140c')
-install=postgresql.install
-
-prepare() {
-	tar xfj "postgresql-9.4.2.tar.bz2"
-	cd "postgresql-9.4.2"
-	patch -p1 < ../1c_FULL_94-0.23
-	patch -p1 < ../applock-1c-9.4.patch
-	patch -p1 < ../online_analyze-9.4.patch
-	patch -p1 < ../plantuner.patch
-	patch -p1 < ../postgresql-1c-9.4.patch
-	patch -p1 < ../postgresql-logging.patch
-	patch -p1 < ../postgresql-perl-rpath.patch
-	patch -p1 < ../postgresql-prefer-ncurses.patch
-	patch -p1 < ../rpm-pgsql.patch
-}
+license=('custom')
+changelog=$pkgname.changelog
+makedepends=('krb5' 'libxml2' 'python2' 'perl' 'tcl>=8.6.0' 'openssl>=1.0.0' 'pam')
+source=(https://ftp.postgresql.org/pub/source/v${pkgver}/postgresql-${pkgver}.tar.bz2
+        postgresql-var-run-socket.patch
+        http://www.r-s-v.ru/1c-patch/1c-patch.tgz
+        postgresql.pam
+        postgresql.logrotate
+        postgresql.service
+        postgresql-check-db-dir)
+sha256sums=('1645b3736901f6d854e695a937389e68ff2066ce0cde9d73919d6ab7c995b9c6'
+            '887e567520d843f7e9f6e91820219979a4c6539d3ca6c56ebefd6d55360eddeb'
+            '65cc43fbd76022254f31a5125deadb18e3240966dc058734d81fe602f99817d4'
+            '57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5'
+            '6abb842764bbed74ea4a269d24f1e73d1c0b1d8ecd6e2e6fb5fb10590298605e'
+            'c16981f70aca895d4a2adb36556213192776c1fc5bb75848a7f3211ad8d49c52'
+            '2340da0947bcb1c5602008d0ca00588ca0bfa8aca4fa6947a8bdb2c6df800b0e')
+sha512sums=('97141972e154e6b0e756ee6a4e20f26e82022a9fd4c56305314a3a5567a79ece638e4ac3d513b46138737ae6bd27a098f30013a94767db151181aac9c01290a1'
+            '279c119b0c177d49a22dff0e9eb047ecfca5419a2bdfbd9a5908f67dfb2467ba9cbf4eab6c5fd0f9f5d1412c44a9dd14f826a97c0a9b1b519eafdbade04b8c47'
+            'cbc1c017b7b666ee9ac1cf7826d7cb51d90408398d633055c946aa9b18f5c2f26114f8deaf6867b05bae991693bea2859f65da2632f2bc81fa5cd2a382c2be13'
+            '1e6183ab0eb812b3ef687ac2c26ce78f7cb30540f606d20023669ac00ba04075487fb72e4dc89cc05dab0269ff6aca98fc1167cc75669c225b88b592482fbf67'
+            '9ab4da01337ffbab8faec0e220aaa2a642dbfeccf7232ef2645bdc2177a953f17ee3cc14a4d8f8ebd064e1dae8b3dba6029adbffb8afaabea383963213941ba8'
+            '32ae9fe9d7484f5254af3ae873d9469010581486081c92dc7c0fca6a4f763bc4f559e811b73e4eea4b2eff934f6b083aaed2e51fe517f018fc73bb1a3134232e'
+            'f12d8777ca819366eac959e023fedf2eb409aa3f358f56269e13e19185d6e9c93c1f2a6e37c8bc6465ab32a02ff83d9f196ddea3cddf24a9884be9ac6970dad2')
 
 build() {
-	cd "postgresql-9.4.2"
-	./configure --disable-rpath --prefix=/usr --libdir=/usr/lib/postgresql/ --with-openssl --with-libxml --with-libxslt --enable-nls
-	make all
-	make -C contrib all
+  cd postgresql-${pkgver}
+
+  patch -Np0 < ../postgresql-var-run-socket.patch
+  patch -p1 < ../00001-1c_FULL_96-0.23.patch
+  patch -p1 < ../00002-applock_remove_autogenerated_files.patch
+  patch -p1 < ../00003-applock.patch
+  patch -p1 < ../00004-online_analyze.patch
+  patch -p1 < ../00005-plantuner.patch
+  patch -p1 < ../00006-postgresql-1c-9.6.patch
+  patch -p1 < ../00007-exists_opt-2.patch
+
+  ./configure \
+    --prefix=/usr \
+    --mandir=/usr/share/man \
+    --datadir=/usr/share/postgresql \
+    --sysconfdir=/etc \
+    --with-gssapi \
+    --with-libxml \
+    --with-openssl \
+    --with-perl \
+    --with-python PYTHON=/usr/bin/python2 \
+    --with-tcl \
+    --with-pam \
+    --with-system-tzdata=/usr/share/zoneinfo \
+    --with-uuid=e2fs \
+    --enable-nls \
+    --enable-thread-safety \
+    --disable-integer-datetime
+
+  make world
 }
 
-package() {
-	cd "postgresql-9.4.2"
-	make DESTDIR="$pkgdir/" install
-	make -C contrib DESTDIR="$pkgdir/" install
-	install -D -c -m 0644 "$srcdir/postgresql.conf" "$pkgdir/etc/ld.so.conf.d/postgresql.conf"
-	install -D -c -m 0644 "$srcdir/postgresql.service" "$pkgdir/usr/lib/systemd/system/postgresql.service"
+package_postgresql-1c() {
+  conflicts=('postgresql')
+  provides=('postgresql${pkgver}')	
+  pkgdesc='Custom version of PostgreSQL 9.6 for 1C system'
+  backup=('etc/pam.d/postgresql' 'etc/logrotate.d/postgresql')
+  depends=("postgresql-libs>=${pkgver}" 'krb5' 'libxml2' 'readline>=6.0' 'openssl>=1.0.0' 'pam')
+  optdepends=('python2: for PL/Python support'
+              'perl: for PL/Perl support'
+              'tcl: for PL/Tcl support'
+              'postgresql-old-upgrade: upgrade from previous major version using pg_upgrade')
+  options=('staticlibs')
+  install=postgresql.install
+
+  cd postgresql-${pkgver}
+
+  # install
+  make DESTDIR="${pkgdir}" install
+  make -C contrib DESTDIR="${pkgdir}" install
+  make -C doc/src/sgml DESTDIR="${pkgdir}" install-man
+
+  # we don't want these, they are in the -libs package
+  for dir in src/interfaces src/bin/pg_config src/bin/pg_dump src/bin/psql src/bin/scripts; do
+    make -C ${dir} DESTDIR="${pkgdir}" uninstall
+  done
+  for util in pg_config pg_dump pg_dumpall pg_restore psql \
+      clusterdb createdb createlang createuser dropdb droplang dropuser pg_isready reindexdb vacuumdb; do
+    rm "${pkgdir}"/usr/share/man/man1/${util}.1
+  done
+
+  # install license
+  install -Dm 644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgbase}/LICENSE"
+
+  # clean up unneeded installed items
+  rm -rf "${pkgdir}/usr/include/postgresql/internal"
+  rm -rf "${pkgdir}/usr/include/libpq"
+  find "${pkgdir}/usr/include" -maxdepth 1 -type f -execdir rm {} +
+  rmdir "${pkgdir}/usr/share/doc/postgresql/html"
+
+  install -Dm 644 "${srcdir}/postgresql.service" \
+    "${pkgdir}/usr/lib/systemd/system/postgresql.service"
+  install -Dm 755 "${srcdir}/postgresql-check-db-dir" \
+    "${pkgdir}/usr/bin/postgresql-check-db-dir"
+
+  install -Dm 644 "${srcdir}/postgresql.pam" \
+    "${pkgdir}/etc/pam.d/postgresql"
+
+  install -Dm 644 "${srcdir}/postgresql.logrotate" \
+    "${pkgdir}/etc/logrotate.d/postgresql"
 }
diff --git a/postgresql-1c.changelog b/postgresql-1c.changelog
new file mode 100644
index 000000000000..ff4647bf51e3
--- /dev/null
+++ b/postgresql-1c.changelog
@@ -0,0 +1,15 @@
+The format of the cluster created by PostgreSQL 9.6.3-3.1C is changed
+The new cluster format is identical to the cluster format created by the standard version of PostgreSQL.
+In a cluster, the data type of the timestamp data type is set to integer_datetimes = on in accordance with the format,
+used by the standard version of PostgreSQL.
+Support for this version in 1C: Enterprise 8.3 is implemented in version 8.3.10 and later.
+Load testing was conducted on the versions 1C: Enterprise 8.3.10.
+To use PostgreSQL 9.6.3-3.1C with versions of 1C: Enterprise below 8.3.10, it is necessary to assemble it with the set parameter value integer_datetimes = off
+
+Изменен формат кластера, создаваемого PostgreSQL 9.6.3-3.1C
+Новый формат кластера идентичен формату кластера, создаваемого стандартной версией PostgreSQL.
+В кластере формат хранения типа данных timestamp установлен со значением integer_datetimes=on в соответствии с форматом,
+используемым стандартной версией PostgreSQL.
+Поддержка этой версии в 1С:Предприятии 8.3 реализована в версии 8.3.10 и старше.
+Нагрузочное тестирование проводилось на версиях 1С:Предприятия 8.3.10.
+Для использования PostgreSQL 9.6.3-3.1C с версиями 1С:Предприятия ниже 8.3.10 необходимо его собрать с установленным значением параметра integer_datetimes=off
diff --git a/postgresql-check-db-dir b/postgresql-check-db-dir
new file mode 100644
index 000000000000..aa51d7643535
--- /dev/null
+++ b/postgresql-check-db-dir
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# This script verifies that the postgresql data directory has been correctly
+# initialized.  We do not want to automatically initdb it, because that has
+# a risk of catastrophic failure (ie, overwriting a valuable database) in
+# corner cases, such as a remotely mounted database on a volume that's a
+# bit slow to mount.  But we can at least emit a message advising newbies
+# what to do.
+
+PGDATA="$1"
+
+if [ -z "$PGDATA" ]
+then
+    echo "Usage: $0 database-path"
+    exit 1
+fi
+
+# PGMAJORVERSION is major version
+PGMAJORVERSION=9.6
+# PREVMAJORVERSION is the previous major version
+PREVMAJORVERSION=9.5
+
+# Check for the PGDATA structure
+if [ -f "$PGDATA/PG_VERSION" ] && [ -d "$PGDATA/base" ]
+then
+    # Check version of existing PGDATA
+    if [ x`cat "$PGDATA/PG_VERSION"` = x"$PGMAJORVERSION" ]
+    then
+        : A-OK
+    elif [ x`cat "$PGDATA/PG_VERSION"` = x"$PREVMAJORVERSION" ]
+    then
+        echo $"An old version of the database format was found."
+        echo $"See https://wiki.archlinux.org/index.php/PostgreSQL#Upgrading_PostgreSQL"
+        exit 1
+    else
+        echo $"An old version of the database format was found."
+        echo $"You need to dump and reload before using PostgreSQL $PGMAJORVERSION."
+        echo $"See http://www.postgresql.org/docs/$PGMAJORVERSION/static/upgrading.html"
+        exit 1
+    fi
+else
+    # No existing PGDATA! Warn the user to initdb it.
+    echo $"\"$PGDATA\" is missing or empty. Use a command like"
+    echo $"  su - postgres -c \"initdb --locale en_US.UTF-8 -D '$PGDATA'\""
+    echo $"with relevant options, to initialize the database cluster."
+    exit 1
+fi
+
+exit 0
diff --git a/postgresql-var-run-socket.patch b/postgresql-var-run-socket.patch
new file mode 100644
index 000000000000..40ff0e05e3eb
--- /dev/null
+++ b/postgresql-var-run-socket.patch
@@ -0,0 +1,47 @@
+Change the built-in default socket directory to be /var/run/postgresql.
+For backwards compatibility with (probably non-libpq-based) clients that
+might still expect to find the socket in /tmp, also create a socket in
+/tmp.  This is to resolve communication problems with clients operating
+under systemd's PrivateTmp environment, which won't be using the same
+global /tmp directory as the server; see bug #825448.
+
+Note that we apply the socket directory change at the level of the
+hard-wired defaults in the C code, not by just twiddling the setting in
+postgresql.conf.sample; this is so that the change will take effect on
+server package update, without requiring any existing postgresql.conf
+to be updated.  (Of course, a user who dislikes this behavior can still
+override it via postgresql.conf.)
+
+--- src/backend/utils/misc/guc.c.old	2016-09-28 23:52:17.410314055 +0300
++++ src/backend/utils/misc/guc.c	2016-09-28 23:53:01.735921591 +0300
+@@ -3353,7 +3353,7 @@
+ 		},
+ 		&Unix_socket_directories,
+ #ifdef HAVE_UNIX_SOCKETS
+-		DEFAULT_PGSOCKET_DIR,
++		DEFAULT_PGSOCKET_DIR ", /tmp",
+ #else
+ 		"",
+ #endif
+--- src/bin/initdb/initdb.c.old	2016-09-28 23:53:22.081741447 +0300
++++ src/bin/initdb/initdb.c	2016-09-28 23:53:42.546560249 +0300
+@@ -1221,7 +1221,7 @@
+ 
+ #ifdef HAVE_UNIX_SOCKETS
+ 	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'",
+-			 DEFAULT_PGSOCKET_DIR);
++			 DEFAULT_PGSOCKET_DIR ", /tmp");
+ #else
+ 	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''");
+ #endif
+--- src/include/pg_config_manual.h.old	2016-09-28 23:54:02.615382558 +0300
++++ src/include/pg_config_manual.h	2016-09-28 23:54:22.287208381 +0300
+@@ -164,7 +164,7 @@
+  * here's where to twiddle it.  You can also override this at runtime
+  * with the postmaster's -k switch.
+  */
+-#define DEFAULT_PGSOCKET_DIR  "/tmp"
++#define DEFAULT_PGSOCKET_DIR  "/var/run/postgresql"
+ 
+ /*
+  * This is the default event source for Windows event log.
diff --git a/postgresql.install b/postgresql.install
index 203e0040fda8..0d23d474a0c2 100644
--- a/postgresql.install
+++ b/postgresql.install
@@ -1,36 +1,25 @@
-# This is a default template for a post-install scriptlet.
-# Uncomment only required functions and remove any functions
-# you don't need (and this header).
-
-## arg 1:  the new package version
-#pre_install() {
-	# do something here
-#}
-
-## arg 1:  the new package version
 post_install() {
-	ldconfig
-	grep -q postgres /etc/passwd && useradd -d /var/lib/postgres -m postgres && su - postgres -c 'initdb -D /var/lib/postgres/data'
+  if [ ! -d '/var/lib/postgres' ]; then
+    mkdir -p '/var/lib/postgres'
+  fi
+  if ! getent group postgres >/dev/null; then
+    groupadd -g 88 postgres
+  fi
+  if ! getent passwd postgres >/dev/null; then
+    useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+    passwd -l postgres >/dev/null
+  fi
+  if [ ! -d '/var/lib/postgres/data' ]; then
+    mkdir -p '/var/lib/postgres/data'
+    chown postgres:postgres '/var/lib/postgres/data'
+  fi
 }
 
-## arg 1:  the new package version
-## arg 2:  the old package version
-#pre_upgrade() {
-	# do something here
-#}
-
-## arg 1:  the new package version
-## arg 2:  the old package version
-#post_upgrade() {
-	# do something here
-#}
-
-## arg 1:  the old package version
-#pre_remove() {
-	# do something here
-#}
-
-## arg 1:  the old package version
-post_remove() {
-	ldconfig
+post_upgrade() {
+  post_install $1
+  # FS#23858, fix postgres user shell issue
+  postgres_shell=$(getent passwd postgres | cut -d: -f7)
+  if [ "$postgres_shell" = "/sbin/nologin" ]; then
+    chsh -s /bin/bash postgres
+  fi
 }
diff --git a/postgresql.logrotate b/postgresql.logrotate
new file mode 100644
index 000000000000..9c36918be5e5
--- /dev/null
+++ b/postgresql.logrotate
@@ -0,0 +1,4 @@
+/var/log/postgresql.log {
+   copytruncate
+   missingok
+}
diff --git a/postgresql.pam b/postgresql.pam
new file mode 100644
index 000000000000..53724d1f86a7
--- /dev/null
+++ b/postgresql.pam
@@ -0,0 +1,3 @@
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
diff --git a/postgresql.service b/postgresql.service
index f2eaa51f4eb7..68742b6b0bea 100644
--- a/postgresql.service
+++ b/postgresql.service
@@ -1,9 +1,9 @@
 [Unit]
-Description=PostgreSQL-1C database server
+Description=PostgreSQL database server
 After=network.target
 
 [Service]
-Type=simple
+Type=forking
 TimeoutSec=120
 User=postgres
 Group=postgres
@@ -11,11 +11,25 @@ Group=postgres
 Environment=PGROOT=/var/lib/postgres
 
 SyslogIdentifier=postgres
-PIDFile=/var/lib/postgres/postmaster.pid
-ExecStart=/usr/bin/postgres -D ${PGROOT}/data
-PrivateTmp=yes
+PIDFile=/var/lib/postgres/data/postmaster.pid
+RuntimeDirectory=postgresql
+RuntimeDirectoryMode=755
+
+ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data
+ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120
+ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload
+ExecStop=  /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast
+
+# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
+# killing Postgres, so adjust it downward
 OOMScoreAdjust=-200
 
+# Additional security-related features
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+
 [Install]
 WantedBy=multi-user.target