From b10ce3145d75b510065a54151a7fdce2eb337c96 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Fri, 28 Mar 2025 11:49:15 -0400
Subject: [PATCH 1/2] start_for_complement.sh: use more shell builtins

Avoid calling external tools when shell builtins suffice.
---
 docker/complement/conf/start_for_complement.sh | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/docker/complement/conf/start_for_complement.sh b/docker/complement/conf/start_for_complement.sh
index 59b30e2051..a5e06396e2 100755
--- a/docker/complement/conf/start_for_complement.sh
+++ b/docker/complement/conf/start_for_complement.sh
@@ -9,7 +9,7 @@ echo "  Args: $*"
 echo "  Env: SYNAPSE_COMPLEMENT_DATABASE=$SYNAPSE_COMPLEMENT_DATABASE SYNAPSE_COMPLEMENT_USE_WORKERS=$SYNAPSE_COMPLEMENT_USE_WORKERS SYNAPSE_COMPLEMENT_USE_ASYNCIO_REACTOR=$SYNAPSE_COMPLEMENT_USE_ASYNCIO_REACTOR"
 
 function log {
-    d=$(date +"%Y-%m-%d %H:%M:%S,%3N")
+    d=$(printf '%(%Y-%m-%d %H:%M:%S)T,%.3s\n' ${EPOCHREALTIME/./ })
     echo "$d $*"
 }
 
@@ -103,12 +103,11 @@ fi
 # Note that both the key and certificate are in PEM format (not DER).
 
 # First generate a configuration file to set up a Subject Alternative Name.
-cat > /conf/server.tls.conf <<EOF
+echo "\
 .include /etc/ssl/openssl.cnf
 
 [SAN]
-subjectAltName=DNS:${SERVER_NAME}
-EOF
+subjectAltName=DNS:${SERVER_NAME}" > /conf/server.tls.conf
 
 # Generate an RSA key
 openssl genrsa -out /conf/server.tls.key 2048
@@ -123,8 +122,8 @@ openssl x509 -req -in /conf/server.tls.csr \
   -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
 
 # Assert that we have a Subject Alternative Name in the certificate.
-# (grep will exit with 1 here if there isn't a SAN in the certificate.)
-openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
+# (the test will exit with 1 here if there isn't a SAN in the certificate.)
+[[ $(openssl x509 -in /conf/server.tls.crt -noout -text) == *DNS:* ]]
 
 export SYNAPSE_TLS_CERT=/conf/server.tls.crt
 export SYNAPSE_TLS_KEY=/conf/server.tls.key

From 7ce0b99c8a3223f5c533209568d5256c0c5e9896 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Fri, 28 Mar 2025 12:43:11 -0400
Subject: [PATCH 2/2] Add changelog

---
 changelog.d/18293.docker | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/18293.docker

diff --git a/changelog.d/18293.docker b/changelog.d/18293.docker
new file mode 100644
index 0000000000..df47a68bfe
--- /dev/null
+++ b/changelog.d/18293.docker
@@ -0,0 +1 @@
+In start_for_complement.sh, replace some external program calls with shell builtins.