From cdd56d3b51e4b936f695e444a52eee019561ebb6 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 6 Oct 2022 17:02:31 -0700 Subject: [PATCH 001/142] Update 15 to 15rc2, bullseye 15~rc2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 123d494000..97b230bb96 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc1 -ENV PG_SHA256 576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4 +ENV PG_VERSION 15rc2 +ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1a6471f343..7a4fe20428 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc1-1.pgdg110+1 +ENV PG_VERSION 15~rc2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5b250d2f07..14ad08559b 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc1-1.pgdg110+1" + "version": "15~rc2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "576476fab0d49f05f27625e1d6ed433e6e1358fabba92ae41780421e65fa7ad4", - "version": "15rc1" + "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", + "version": "15rc2" } } From 6928f4995329cb0795d2aa2b88ad2c21685e35f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:15:53 -0700 Subject: [PATCH 002/142] Update 14 to bullseye 14.5-2.pgdg110+2 --- 14/bullseye/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3764276197..471cf8834d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-1.pgdg110+1 +ENV PG_VERSION 14.5-2.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 14ad08559b..4ea4e56876 100644 --- a/versions.json +++ b/versions.json @@ -79,7 +79,7 @@ "arm64", "ppc64el" ], - "version": "14.5-1.pgdg110+1" + "version": "14.5-2.pgdg110+2" }, "debian": "bullseye", "debianSuites": [ From 648e5c7dc31db0e34d8dc11891ccc50641ba6e42 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 14 Oct 2022 09:20:15 -0700 Subject: [PATCH 003/142] Update 15 to 15.0, bullseye 15.0-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 97b230bb96..a2e7b3e2a4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15rc2 -ENV PG_SHA256 11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23 +ENV PG_VERSION 15.0 +ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 7a4fe20428..a9de19884a 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15~rc2-1.pgdg110+1 +ENV PG_VERSION 15.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ea4e56876..2508e1cc35 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15~rc2-1.pgdg110+1" + "version": "15.0-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "11739405e96699198733f4a0055362262c9c89f32d2e835e0b815687d700cc23", - "version": "15rc2" + "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", + "version": "15.0" } } From 747be5974512adedb4ccacf4a77002d41137de15 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 14 Oct 2022 09:36:23 -0700 Subject: [PATCH 004/142] Update "latest" to 15 (GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e52e4f7c08..cef5d3534f 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [14]='latest' + [15]='latest' ) self="$(basename "$BASH_SOURCE")" From 44bad5f836123873a48125931a686678c5952788 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 14 Oct 2022 17:25:35 -0700 Subject: [PATCH 005/142] Switch to "$GITHUB_OUTPUT"; update actions/checkout to v3 - https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands - https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter --- .github/workflows/ci.yml | 6 +++--- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e74cc5e9c2..75cd4fbe47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,15 +18,15 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - id: generate-jobs name: Generate Jobs run: | git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid - echo "::set-output name=strategy::$strategy" test: needs: generate-jobs @@ -34,7 +34,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 7e833f1c7d..14497bec68 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -13,7 +13,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 14022440352a9e24d86cae450600ea56969d234b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:02:18 -0800 Subject: [PATCH 006/142] Update 11 to 11.18, bullseye 11.18-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 2502ad1c29..48fa554f52 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.17 -ENV PG_SHA256 6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4 +ENV PG_VERSION 11.18 +ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f8131d95fc..4c5f93e093 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.17-1.pgdg110+1 +ENV PG_VERSION 11.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2508e1cc35..4ee525bc67 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "11.17-1.pgdg110+1" + "version": "11.18-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "6e984963ae0765e61577995103a7e6594db0f0bd01528ac123e0de4a6a4cb4c4", - "version": "11.17" + "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", + "version": "11.18" }, "12": { "alpine": "3.16", From 5ca94d535d75308b16125d132048bf93172521db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:07:02 -0800 Subject: [PATCH 007/142] Update 12 to 12.13, bullseye 12.13-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 3fb6202d5e..d59fd9a1e1 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.12 -ENV PG_SHA256 34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c +ENV PG_VERSION 12.13 +ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 8c9ea9c08a..2f00df2616 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.12-1.pgdg110+1 +ENV PG_VERSION 12.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4ee525bc67..7e44b93049 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "12.12-1.pgdg110+1" + "version": "12.13-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "34b3f1c69408e22068c0c71b1827691f1c89153b0ad576c1a44f8920a858039c", - "version": "12.12" + "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", + "version": "12.13" }, "13": { "alpine": "3.16", From 883b1c3f7b485153ec5d841271801ee436ec3314 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:11:01 -0800 Subject: [PATCH 008/142] Update 13 to 13.9, bullseye 13.9-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index e071ac9efc..703a793a92 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.8 -ENV PG_SHA256 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded +ENV PG_VERSION 13.9 +ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d79591ddb3..3e00f722a5 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.8-1.pgdg110+1 +ENV PG_VERSION 13.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7e44b93049..b5f722a91d 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "13.8-1.pgdg110+1" + "version": "13.9-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded", - "version": "13.8" + "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", + "version": "13.9" }, "14": { "alpine": "3.16", From e8ba287990e5e312278fc59131f8a796953dc6c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:15:16 -0800 Subject: [PATCH 009/142] Update 14 to 14.6, bullseye 14.6-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 6a83c457cc..bca6315f25 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.5 -ENV PG_SHA256 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 +ENV PG_VERSION 14.6 +ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 471cf8834d..bf340e02d9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.5-2.pgdg110+2 +ENV PG_VERSION 14.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b5f722a91d..beb7c37ad4 100644 --- a/versions.json +++ b/versions.json @@ -79,15 +79,15 @@ "arm64", "ppc64el" ], - "version": "14.5-2.pgdg110+2" + "version": "14.6-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30", - "version": "14.5" + "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", + "version": "14.6" }, "15": { "alpine": "3.16", From 75d0c1135e1cfd183bf7ee0970b7031986b0710d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 11:19:30 -0800 Subject: [PATCH 010/142] Update 15 to 15.1, bullseye 15.1-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index a2e7b3e2a4..f328cb3617 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.0 -ENV PG_SHA256 72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6 +ENV PG_VERSION 15.1 +ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9de19884a..42ce76c452 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.0-1.pgdg110+1 +ENV PG_VERSION 15.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index beb7c37ad4..6735bcb682 100644 --- a/versions.json +++ b/versions.json @@ -97,14 +97,14 @@ "arm64", "ppc64el" ], - "version": "15.0-1.pgdg110+1" + "version": "15.1-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "72ec74f4a7c16e684f43ea42e215497fcd4c55d028a68fb72e99e61ff40da4d6", - "version": "15.0" + "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", + "version": "15.1" } } From c3a0b48216491953f25344c3fef1b02ed157ff3e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Nov 2022 12:28:06 -0800 Subject: [PATCH 011/142] Update 10 to 10.23, bullseye 10.23-1.pgdg110+1 --- 10/alpine/Dockerfile | 4 ++-- 10/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile index 24a8d454df..19dfb686fb 100644 --- a/10/alpine/Dockerfile +++ b/10/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 10 -ENV PG_VERSION 10.22 -ENV PG_SHA256 955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d +ENV PG_VERSION 10.23 +ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 RUN set -eux; \ \ diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index f696f4fd4e..7e8612a74c 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 10.22-1.pgdg110+1 +ENV PG_VERSION 10.23-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6735bcb682..4a370eae57 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "10.22-1.pgdg110+1" + "version": "10.23-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 10, - "sha256": "955977555c69df1a64f44b81d4a1987eb74abbd1870579f5ad9d946133dd8e4d", - "version": "10.22" + "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", + "version": "10.23" }, "11": { "alpine": "3.16", From d3ceefcaaaa49f923e7c1cbeaf00b04ea48f0662 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 10 Nov 2022 12:39:01 -0800 Subject: [PATCH 012/142] Remove PostgreSQL 10 (now EOL) https://www.postgresql.org/about/news/postgresql-151-146-139-1213-1118-and-1023-released-2543/ --- 10/alpine/Dockerfile | 189 ----------------- 10/alpine/docker-entrypoint.sh | 346 ------------------------------- 10/bullseye/Dockerfile | 223 -------------------- 10/bullseye/docker-entrypoint.sh | 346 ------------------------------- versions.json | 18 -- versions.sh | 1 - 6 files changed, 1123 deletions(-) delete mode 100644 10/alpine/Dockerfile delete mode 100755 10/alpine/docker-entrypoint.sh delete mode 100644 10/bullseye/Dockerfile delete mode 100755 10/bullseye/docker-entrypoint.sh diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile deleted file mode 100644 index 19dfb686fb..0000000000 --- a/10/alpine/Dockerfile +++ /dev/null @@ -1,189 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.16 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 10 -ENV PG_VERSION 10.23 -ENV PG_SHA256 94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-krb5 \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh deleted file mode 100755 index 07b0cdce33..0000000000 --- a/10/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile deleted file mode 100644 index 7e8612a74c..0000000000 --- a/10/bullseye/Dockerfile +++ /dev/null @@ -1,223 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 10 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 10.23-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/10/bullseye/docker-entrypoint.sh b/10/bullseye/docker-entrypoint.sh deleted file mode 100755 index 1896cd85c5..0000000000 --- a/10/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - echo "$0: running $f" - "$f" - else - echo "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo - else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index 4a370eae57..7d46bb2940 100644 --- a/versions.json +++ b/versions.json @@ -1,22 +1,4 @@ { - "10": { - "alpine": "3.16", - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el" - ], - "version": "10.23-1.pgdg110+1" - }, - "debian": "", - "debianSuites": [ - "bullseye" - ], - "major": 10, - "sha256": "94a4b2528372458e5662c18d406629266667c437198160a18cdfd2c4a4d6eee9", - "version": "10.23" - }, "11": { "alpine": "3.16", "bullseye": { diff --git a/versions.sh b/versions.sh index 045c297343..f08a00274d 100755 --- a/versions.sh +++ b/versions.sh @@ -4,7 +4,6 @@ set -Eeuo pipefail # https://github.com/docker-library/postgres/issues/582 😬 defaultDebianSuite='bullseye' declare -A debianSuites=( - [10]='' [11]='' ) allDebianSuites=( From 9e5ad3050bd0b42901975cbb947c21b6b8f56e4b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Nov 2022 14:07:28 -0800 Subject: [PATCH 013/142] Use new "bashbrew" composite action --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75cd4fbe47..7bc4fdff0b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,11 +19,11 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs run: | - git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew - strategy="$(~/bashbrew/scripts/github-actions/generate.sh)" + strategy="$("$BASHBREW_SCRIPTS/github-actions/generate.sh")" strategy="$(.github/workflows/munge.sh -c <<<"$strategy")" echo "strategy=$strategy" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # sanity check / debugging aid From a0d95cc7bbbf262c795831836618f8705b74f303 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 30 Nov 2022 17:06:26 +0100 Subject: [PATCH 014/142] Update to alpine 3.17 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 48fa554f52..ce4f716d15 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d59fd9a1e1..53058f1d4e 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 703a793a92..da784d5f9c 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index bca6315f25..03dcb2406e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index f328cb3617..e2696b0f83 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index 7d46bb2940..90629103db 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -18,7 +18,7 @@ "version": "11.18" }, "12": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -36,7 +36,7 @@ "version": "12.13" }, "13": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -54,7 +54,7 @@ "version": "13.9" }, "14": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", @@ -72,7 +72,7 @@ "version": "14.6" }, "15": { - "alpine": "3.16", + "alpine": "3.17", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index f08a00274d..e0bead30d2 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.16' +defaultAlpineVersion='3.17' declare -A alpineVersions=( #[14]='3.16' ) From a2d5beb991190467e462d6e151c98fafc338ce94 Mon Sep 17 00:00:00 2001 From: Wolfgang Walther Date: Wed, 21 Sep 2022 20:29:33 +0200 Subject: [PATCH 015/142] Add nss_wrapper to alpine images to run container with different user Signed-off-by: Wolfgang Walther --- 11/alpine/Dockerfile | 1 + 12/alpine/Dockerfile | 1 + 13/alpine/Dockerfile | 1 + 14/alpine/Dockerfile | 1 + 15/alpine/Dockerfile | 1 + Dockerfile-alpine.template | 1 + 6 files changed, 6 insertions(+) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ce4f716d15..3aeba17f4d 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 53058f1d4e..49c6075c27 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index da784d5f9c..267ba279b3 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,6 +124,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 03dcb2406e..41f118eba9 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,6 +127,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index e2696b0f83..af78dacb31 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,6 +130,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 75b6ec25cd..853d1de137 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,6 +136,7 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ + nss_wrapper \ su-exec \ tzdata \ zstd \ From f8827c3ce62f7a2f560db2b3b1c566965a7ec5c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 20 Dec 2022 14:23:18 -0800 Subject: [PATCH 016/142] Update generated README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bfd66bde28..09b82c90c2 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ For outstanding `postgres` image PRs, check [PRs with the "library/postgres" lab --- -- [![build status badge](https://img.shields.io/github/workflow/status/docker-library/postgres/GitHub%20CI/master?label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) - [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) | Build | Status | Badges | (per-arch) | From 7e5e7ece73bf021d9b0797582648424d3a7deb87 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 21 Dec 2022 10:42:36 -0800 Subject: [PATCH 017/142] Convert all entrypoint "echo"s to "printf" The use of the `echo` shell built-in has been actively discouraged for a long time, but it's really convenient so we keep doing it. This converts them all to use `printf` appropriately such that we avoid issues like `echo "$someVar"` from doing the wrong thing if `$someVar` is `-n` or similar. --- 11/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 12/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 13/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 14/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/alpine/docker-entrypoint.sh | 52 +++++++++++++++++--------------- 15/bullseye/docker-entrypoint.sh | 52 +++++++++++++++++--------------- docker-entrypoint.sh | 52 +++++++++++++++++--------------- 11 files changed, 308 insertions(+), 264 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index 07b0cdce33..ce794a289f 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1896cd85c5..7167ae3945 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,7 +11,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" exit 1 fi local val="$def" @@ -77,8 +77,8 @@ docker_init_database_dir() { NSS_WRAPPER_GROUP="$(mktemp)" export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP local gid; gid="$(id -g)" - echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" break fi done @@ -88,7 +88,7 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then @@ -157,7 +157,7 @@ docker_process_init_files() { # psql here for backwards compatibility "${psql[@]}" psql=( docker_process_sql ) - echo + printf '\n' local f for f; do case "$f" in @@ -165,20 +165,20 @@ docker_process_init_files() { # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 # https://github.com/docker-library/postgres/pull/452 if [ -x "$f" ]; then - echo "$0: running $f" + printf '%s: running %s\n' "$0" "$f" "$f" else - echo "$0: sourcing $f" + printf '%s: sourcing %s\n' "$0" "$f" . "$f" fi ;; - *.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) echo "$0: ignoring $f" ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; esac - echo + printf '\n' done } @@ -209,7 +209,7 @@ docker_setup_db() { POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL' CREATE DATABASE :"db" ; EOSQL - echo + printf '\n' fi } @@ -243,12 +243,12 @@ pg_setup_hba_conf() { auth="$(postgres -C password_encryption "$@")" : "${POSTGRES_HOST_AUTH_METHOD:=$auth}" { - echo + printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - echo '# warning trust is enabled for all connections' - echo '# see https://www.postgresql.org/docs/12/auth-trust.html' + printf '# warning trust is enabled for all connections\n' + printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' fi - echo "host all all all $POSTGRES_HOST_AUTH_METHOD" + printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" } @@ -328,13 +328,17 @@ _main() { docker_temp_server_stop unset PGPASSWORD - echo - echo 'PostgreSQL init process complete; ready for start up.' - echo + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM else - echo - echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization' - echo + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM fi fi From 41bd7bf3f487e6dc0036fd73efaff6ccb6fbbacd Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 22 Dec 2022 13:29:17 -0800 Subject: [PATCH 018/142] Add newline to `POSTGRES_PASSWORD` file for initdb https://github.com/docker-library/postgres/issues/1024 converted all `echo` calls to `printf`, but this change causes the password file used by `initdb` to be blank rather than contain a single newline. As a result, `initdb` will fail to start with an empty value with the error: ``` initdb: error: password file "/dev/fd/63" is empty ``` `POSTGRES_PASSWORD` can be blank if `POSTGRES_HOST_AUTH_METHOD=trust` is used. This change adds a newline to restore the original behavior. Closes #1025 --- 11/alpine/docker-entrypoint.sh | 3 ++- 11/bullseye/docker-entrypoint.sh | 3 ++- 12/alpine/docker-entrypoint.sh | 3 ++- 12/bullseye/docker-entrypoint.sh | 3 ++- 13/alpine/docker-entrypoint.sh | 3 ++- 13/bullseye/docker-entrypoint.sh | 3 ++- 14/alpine/docker-entrypoint.sh | 3 ++- 14/bullseye/docker-entrypoint.sh | 3 ++- 15/alpine/docker-entrypoint.sh | 3 ++- 15/bullseye/docker-entrypoint.sh | 3 ++- docker-entrypoint.sh | 3 ++- 11 files changed, 22 insertions(+), 11 deletions(-) diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index ce794a289f..d34886ea14 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 7167ae3945..749445d218 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -88,7 +88,8 @@ docker_init_database_dir() { set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" fi - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' # unset/cleanup "nss_wrapper" bits if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then From 6ee0f2865b23484fefb785ba70b9d404f2bb0cd4 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 22 Dec 2022 14:28:39 -0800 Subject: [PATCH 019/142] Skip unavailable nss_wrapper on ppc64le --- 11/alpine/Dockerfile | 4 +++- 12/alpine/Dockerfile | 4 +++- 13/alpine/Dockerfile | 4 +++- 14/alpine/Dockerfile | 4 +++- 15/alpine/Dockerfile | 4 +++- Dockerfile-alpine.template | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 3aeba17f4d..787c3b58e4 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 49c6075c27..d529dd6f55 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 267ba279b3..a65d5d067f 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -124,12 +124,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 41f118eba9..e0075306e4 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -127,12 +127,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index af78dacb31..009a3d06cc 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -130,12 +130,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 853d1de137..84769baef9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -136,12 +136,14 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - nss_wrapper \ su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ cd /; \ From 186c93e85d4c4fcee8c300fdfd2e9991c5d3efc9 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Jan 2023 10:41:32 -0800 Subject: [PATCH 020/142] Update to gosu 1.16 See https://github.com/tianon/gosu/releases/tag/1.16 (especially https://github.com/tianon/gosu/blob/master/SECURITY.md) --- 11/bullseye/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 4c5f93e093..04752d1c9f 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2f00df2616..6e100eaca5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e00f722a5..92ba387966 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index bf340e02d9..0f3e4a0a9e 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 42ce76c452..2f7f062ddf 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -28,7 +28,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ed68a99ea1..49b412d55e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -22,7 +22,7 @@ RUN set -eux; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.14 +ENV GOSU_VERSION 1.16 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From a7280426538a4977564dd7252c67dfbc89da263e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:02:36 -0800 Subject: [PATCH 021/142] Update 12 to 12.14, bullseye 12.14-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index d529dd6f55..f63728a701 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.13 -ENV PG_SHA256 b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d +ENV PG_VERSION 12.14 +ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6e100eaca5..41d75da7a6 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.13-1.pgdg110+1 +ENV PG_VERSION 12.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 90629103db..2de9912763 100644 --- a/versions.json +++ b/versions.json @@ -25,15 +25,15 @@ "arm64", "ppc64el" ], - "version": "12.13-1.pgdg110+1" + "version": "12.14-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "b6c623046af4548f11a84b407934d675d11ed070c793d15b04683bf5f322e02d", - "version": "12.13" + "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", + "version": "12.14" }, "13": { "alpine": "3.17", From c5d3ed25bad6c9977cc6ef8dfebb07dabdb40763 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:06:56 -0800 Subject: [PATCH 022/142] Update 13 to 13.10, bullseye 13.10-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index a65d5d067f..3006bd0fd9 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.9 -ENV PG_SHA256 ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415 +ENV PG_VERSION 13.10 +ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 92ba387966..733f6dde47 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.9-1.pgdg110+1 +ENV PG_VERSION 13.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2de9912763..3d0a07d277 100644 --- a/versions.json +++ b/versions.json @@ -43,15 +43,15 @@ "arm64", "ppc64el" ], - "version": "13.9-1.pgdg110+1" + "version": "13.10-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "ef1966c0a5e49fbed3370ad2824928cb6b1164617aeeae1606da283f7f33a415", - "version": "13.9" + "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", + "version": "13.10" }, "14": { "alpine": "3.17", From 76f8f6610e744c5f7c164027f70baed8652189b3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:11:09 -0800 Subject: [PATCH 023/142] Update 14 to 14.7, bullseye 14.7-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index e0075306e4..895c57a15e 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.6 -ENV PG_SHA256 508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22 +ENV PG_VERSION 14.7 +ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0f3e4a0a9e..5bfaee23c0 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.6-1.pgdg110+1 +ENV PG_VERSION 14.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3d0a07d277..0b4f9e04d7 100644 --- a/versions.json +++ b/versions.json @@ -61,15 +61,15 @@ "arm64", "ppc64el" ], - "version": "14.6-1.pgdg110+1" + "version": "14.7-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "508840fc1809d39ab72274d5f137dabb9fd7fb4f933da4168aeebb20069edf22", - "version": "14.6" + "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", + "version": "14.7" }, "15": { "alpine": "3.17", From ef45b990868d5a0053bd30fdbae36551b46b76c9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:14:50 -0800 Subject: [PATCH 024/142] Update 15 to 15.2, bullseye 15.2-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 009a3d06cc..db702b19f8 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.1 -ENV PG_SHA256 64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae +ENV PG_VERSION 15.2 +ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2f7f062ddf..a9480e325c 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.1-1.pgdg110+1 +ENV PG_VERSION 15.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b4f9e04d7..63691e52f5 100644 --- a/versions.json +++ b/versions.json @@ -79,14 +79,14 @@ "arm64", "ppc64el" ], - "version": "15.1-1.pgdg110+1" + "version": "15.2-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "64fdf23d734afad0dfe4077daca96ac51dcd697e68ae2d3d4ca6c45cb14e21ae", - "version": "15.1" + "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", + "version": "15.2" } } From 156d0659d047578f06aa8785cf12d547c6a5ccfd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Feb 2023 11:50:24 -0800 Subject: [PATCH 025/142] Update 11 to 11.19, bullseye 11.19-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 787c3b58e4..26b8786583 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.18 -ENV PG_SHA256 d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504 +ENV PG_VERSION 11.19 +ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 04752d1c9f..53fe1d791d 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.18-1.pgdg110+1 +ENV PG_VERSION 11.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 63691e52f5..d214443618 100644 --- a/versions.json +++ b/versions.json @@ -7,15 +7,15 @@ "arm64", "ppc64el" ], - "version": "11.18-1.pgdg110+1" + "version": "11.19-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "d24f20efc52e918acfbcca21e9cea28e0e263b846a0c408fcfac3b3c4a0f7504", - "version": "11.18" + "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", + "version": "11.19" }, "12": { "alpine": "3.17", From 25b3034e9b0155c3e71acaf650243e7d12a571c1 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 10 Mar 2023 16:05:06 -0800 Subject: [PATCH 026/142] Update permissions from 777 to 1777 This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine/Dockerfile | 4 ++-- 11/alpine/docker-entrypoint.sh | 4 ++-- 11/bullseye/docker-entrypoint.sh | 4 ++-- 12/alpine/Dockerfile | 4 ++-- 12/alpine/docker-entrypoint.sh | 4 ++-- 12/bullseye/docker-entrypoint.sh | 4 ++-- 13/alpine/Dockerfile | 4 ++-- 13/alpine/docker-entrypoint.sh | 4 ++-- 13/bullseye/docker-entrypoint.sh | 4 ++-- 14/alpine/Dockerfile | 4 ++-- 14/alpine/docker-entrypoint.sh | 4 ++-- 14/bullseye/docker-entrypoint.sh | 4 ++-- 15/alpine/Dockerfile | 4 ++-- 15/alpine/docker-entrypoint.sh | 4 ++-- 15/bullseye/docker-entrypoint.sh | 4 ++-- Dockerfile-alpine.template | 4 ++-- docker-entrypoint.sh | 4 ++-- 17 files changed, 34 insertions(+), 34 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 26b8786583..51c03ad1ed 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/11/alpine/docker-entrypoint.sh +++ b/11/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/11/bullseye/docker-entrypoint.sh +++ b/11/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index f63728a701..a96a546e71 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/12/alpine/docker-entrypoint.sh +++ b/12/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 3006bd0fd9..4cd84cdc74 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -149,11 +149,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/13/alpine/docker-entrypoint.sh +++ b/13/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 895c57a15e..532ff95e2b 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -152,11 +152,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine/docker-entrypoint.sh b/14/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/14/alpine/docker-entrypoint.sh +++ b/14/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index db702b19f8..90b2988f4e 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -155,11 +155,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine/docker-entrypoint.sh b/15/alpine/docker-entrypoint.sh index d34886ea14..a383a36487 100755 --- a/15/alpine/docker-entrypoint.sh +++ b/15/alpine/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 84769baef9..57807bc851 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -161,11 +161,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 749445d218..0ae0ecf8c2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -38,11 +38,11 @@ docker_create_db_directories() { mkdir -p "$PGDATA" # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 700 "$PGDATA" || : + chmod 00700 "$PGDATA" || : # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 mkdir -p /var/run/postgresql || : - chmod 775 /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : # Create the transaction log directory before initdb is run so the directory is owned by the correct user if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then From 9b2559be2f13d24554516da5217950b2d41c447b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 24 Apr 2023 17:04:38 -0700 Subject: [PATCH 027/142] Update 11 --- 11/bullseye/Dockerfile | 2 +- versions.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 53fe1d791d..dc21b05058 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -97,7 +97,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index d214443618..fa4916cb86 100644 --- a/versions.json +++ b/versions.json @@ -5,7 +5,8 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], "version": "11.19-1.pgdg110+1" }, From dd68d91377a3631b36a23f2e4795f6189db4ba12 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 28 Apr 2023 15:09:00 -0700 Subject: [PATCH 028/142] Remove explicit `dirmngr` reference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is pulled in automatically via `gnupg`, and moved from `Recommends` to `Depends` in https://salsa.debian.org/debian/gnupg2/-/commit/99474ad900a8bcdd0e7b68f986fec0013fc01470, which has been part of `src:gnupg2` since 2.1.21-4 (and every supported version of both Debian _and_ Ubuntu have 2.2.x 😇). --- 11/bullseye/Dockerfile | 19 ++++++++----------- 12/bullseye/Dockerfile | 19 ++++++++----------- 13/bullseye/Dockerfile | 19 ++++++++----------- 14/bullseye/Dockerfile | 19 ++++++++----------- 15/bullseye/Dockerfile | 19 ++++++++----------- Dockerfile-debian.template | 19 ++++++++----------- 6 files changed, 48 insertions(+), 66 deletions(-) diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index dc21b05058..9249ab20dc 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 41d75da7a6..28efe8845b 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 733f6dde47..2ebe3b3ad8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5bfaee23c0..81dc615de1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a9480e325c..125077db9b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -6,16 +6,6 @@ FROM debian:bullseye-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -26,6 +16,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -81,7 +78,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR 15 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b412d55e..dc301a7d13 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,15 +1,5 @@ FROM debian:{{ env.variant }}-slim -RUN set -ex; \ - if ! command -v gpg > /dev/null; then \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - fi - # explicitly set user/group IDs RUN set -eux; \ groupadd -r postgres --gid=999; \ @@ -20,6 +10,13 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.16 @@ -75,7 +72,7 @@ RUN set -ex; \ mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - command -v gpgconf > /dev/null && gpgconf --kill all; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} From 6efe206eaa4fe9a77d7abc7a4b72415bf80ae39b Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 10 May 2023 19:56:30 +0200 Subject: [PATCH 029/142] Alpine 3.18 --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- versions.json | 10 +++++----- versions.sh | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 51c03ad1ed..ac5df059f1 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index a96a546e71..29acb91143 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 4cd84cdc74..9384b01ddc 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 532ff95e2b..974f1bc864 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 90b2988f4e..959048fcc4 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/versions.json b/versions.json index fa4916cb86..62b523751e 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -19,7 +19,7 @@ "version": "11.19" }, "12": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -37,7 +37,7 @@ "version": "12.14" }, "13": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -55,7 +55,7 @@ "version": "13.10" }, "14": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", @@ -73,7 +73,7 @@ "version": "14.7" }, "15": { - "alpine": "3.17", + "alpine": "3.18", "bullseye": { "arches": [ "amd64", diff --git a/versions.sh b/versions.sh index e0bead30d2..ff29867cfb 100755 --- a/versions.sh +++ b/versions.sh @@ -9,7 +9,7 @@ declare -A debianSuites=( allDebianSuites=( bullseye ) -defaultAlpineVersion='3.17' +defaultAlpineVersion='3.18' declare -A alpineVersions=( #[14]='3.16' ) From ee629b1e31754d3aeed529a1a3610ac180f20e0b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:02:16 -0700 Subject: [PATCH 030/142] Update 11 to 11.20, bullseye 11.20-1.pgdg110+1 --- 11/alpine/Dockerfile | 4 ++-- 11/bullseye/Dockerfile | 2 +- versions.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index ac5df059f1..94dc99cd7e 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.19 -ENV PG_SHA256 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce RUN set -eux; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 9249ab20dc..017d2155f4 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.19-1.pgdg110+1 +ENV PG_VERSION 11.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62b523751e..20c5a22534 100644 --- a/versions.json +++ b/versions.json @@ -8,15 +8,15 @@ "ppc64el", "s390x" ], - "version": "11.19-1.pgdg110+1" + "version": "11.20-1.pgdg110+1" }, "debian": "", "debianSuites": [ "bullseye" ], "major": 11, - "sha256": "13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2", - "version": "11.19" + "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "version": "11.20" }, "12": { "alpine": "3.18", From d681c1da2faebccc790fffd3e71514548b458d50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:08:18 -0700 Subject: [PATCH 031/142] Update 12 to 12.15, bullseye 12.15-1.pgdg110+1 --- 12/alpine/Dockerfile | 4 ++-- 12/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 29acb91143..110257f91f 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.14 -ENV PG_SHA256 785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 RUN set -eux; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 28efe8845b..dd41897d86 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.14-1.pgdg110+1 +ENV PG_VERSION 12.15-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 20c5a22534..056956cb11 100644 --- a/versions.json +++ b/versions.json @@ -24,17 +24,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "12.14-1.pgdg110+1" + "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 12, - "sha256": "785610237d382c842d356e347138e58c06ffeae240e6cc0b52ac5ebcc30d043e", - "version": "12.14" + "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "version": "12.15" }, "13": { "alpine": "3.18", From 43d17d5ced92f230fa8c196e746f2e2aa288e5e8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:13:14 -0700 Subject: [PATCH 032/142] Update 13 to 13.11, bullseye 13.11-1.pgdg110+1 --- 13/alpine/Dockerfile | 4 ++-- 13/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 9384b01ddc..c8d8063edf 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.10 -ENV PG_SHA256 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb RUN set -eux; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 2ebe3b3ad8..86b4109bdc 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.10-1.pgdg110+1 +ENV PG_VERSION 13.11-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 056956cb11..4adb710048 100644 --- a/versions.json +++ b/versions.json @@ -43,17 +43,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "13.10-1.pgdg110+1" + "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 13, - "sha256": "5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2", - "version": "13.10" + "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "version": "13.11" }, "14": { "alpine": "3.18", From 8ff11cd5ae43e73fd84d0b2bc8aa88537fe18649 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:18:26 -0700 Subject: [PATCH 033/142] Update 14 to 14.8, bullseye 14.8-1.pgdg110+1 --- 14/alpine/Dockerfile | 4 ++-- 14/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 974f1bc864..0d0dd7f3aa 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.7 -ENV PG_SHA256 cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a RUN set -eux; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 81dc615de1..7ceffde11b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.7-1.pgdg110+1 +ENV PG_VERSION 14.8-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 4adb710048..a9d838c63d 100644 --- a/versions.json +++ b/versions.json @@ -62,17 +62,18 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "14.7-1.pgdg110+1" + "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 14, - "sha256": "cef60f0098fa8101c1546f4254e45b722af5431337945b37af207007630db331", - "version": "14.7" + "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "version": "14.8" }, "15": { "alpine": "3.18", From a23c0e97980edae5be2cd4eb68ff1f0762d031cd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 11 May 2023 11:23:40 -0700 Subject: [PATCH 034/142] Update 15 to 15.3, bullseye 15.3-1.pgdg110+1 --- 15/alpine/Dockerfile | 4 ++-- 15/bullseye/Dockerfile | 4 ++-- versions.json | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index 959048fcc4..eaa64bc7ae 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.2 -ENV PG_SHA256 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 RUN set -eux; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 125077db9b..3a1ef4eefa 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.2-1.pgdg110+1 +ENV PG_VERSION 15.3-1.pgdg110+1 RUN set -ex; \ \ @@ -94,7 +94,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el) \ + amd64 | arm64 | ppc64el | s390x) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index a9d838c63d..0125a3470e 100644 --- a/versions.json +++ b/versions.json @@ -81,16 +81,17 @@ "arches": [ "amd64", "arm64", - "ppc64el" + "ppc64el", + "s390x" ], - "version": "15.2-1.pgdg110+1" + "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", "debianSuites": [ "bullseye" ], "major": 15, - "sha256": "99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7", - "version": "15.2" + "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "version": "15.3" } } From 1c1e4ffa71909489fe7bf5ca0d8a775fcd28d9da Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 13:57:19 -0700 Subject: [PATCH 035/142] Add the ability for us to manually trigger GitHub tests --- .github/workflows/ci.yml | 1 + .github/workflows/verify-templating.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7bc4fdff0b..d898fd2763 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: push: schedule: - cron: 0 0 * * 0 + workflow_dispatch: defaults: run: diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 14497bec68..1631af9935 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -3,6 +3,7 @@ name: Verify Templating on: pull_request: push: + workflow_dispatch: defaults: run: From a3b0bb68faed03c6edd3978b8dd34ca67881f7c7 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 12 May 2023 11:54:42 -0700 Subject: [PATCH 036/142] Downgrade llvm to 15 to fix jit support --- 11/alpine/Dockerfile | 13 ++++++++++++- 12/alpine/Dockerfile | 13 ++++++++++++- 13/alpine/Dockerfile | 13 ++++++++++++- 14/alpine/Dockerfile | 13 ++++++++++++- 15/alpine/Dockerfile | 13 ++++++++++++- Dockerfile-alpine.template | 21 +++++++++++++-------- Dockerfile-debian.template | 3 --- 7 files changed, 73 insertions(+), 16 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 94dc99cd7e..6dad831545 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 11 ENV PG_VERSION 11.20 ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 110257f91f..4698d75fc9 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 12 ENV PG_VERSION 12.15 ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index c8d8063edf..29262473d4 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 13 ENV PG_VERSION 13.11 ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -76,6 +81,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 0d0dd7f3aa..5c216546ce 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 14 ENV PG_VERSION 14.8 ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -78,6 +83,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index eaa64bc7ae..ef886cc3ab 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -26,6 +26,10 @@ ENV PG_MAJOR 15 ENV PG_VERSION 15.3 ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -40,10 +44,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -51,7 +57,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ - llvm-dev clang g++ \ make \ openldap-dev \ openssl-dev \ @@ -80,6 +85,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 57807bc851..deae2546c1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -20,6 +20,11 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} +{{ def llvmver: "15" -}} +ENV DOCKER_PG_LLVM_DEPS \ + llvm{{ llvmver }}-dev \ + clang{{ llvmver }} + RUN set -eux; \ \ wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ @@ -34,10 +39,12 @@ RUN set -eux; \ rm postgresql.tar.bz2; \ \ apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ bison \ coreutils \ dpkg-dev dpkg \ flex \ + g++ \ gcc \ krb5-dev \ libc-dev \ @@ -45,9 +52,6 @@ RUN set -eux; \ libxml2-dev \ libxslt-dev \ linux-headers \ -{{ if .major >= 11 then ( -}} - llvm-dev clang g++ \ -{{ ) else "" end -}} make \ openldap-dev \ openssl-dev \ @@ -80,6 +84,12 @@ RUN set -eux; \ # explicitly update autoconf config.guess and config.sub so they support more arches/libcs wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-{{ llvmver }}; \ + \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ @@ -110,9 +120,7 @@ RUN set -eux; \ --with-libxml \ --with-libxslt \ --with-icu \ -{{ if .major >= 11 then ( -}} --with-llvm \ -{{ ) else "" end -}} {{ if .major >= 14 then ( -}} --with-lz4 \ {{ ) else "" end -}} @@ -169,9 +177,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$P VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index dc301a7d13..aeca3d8d32 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -181,9 +181,6 @@ RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PG VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ -{{ if .major >= 11 then "" else ( -}} -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -{{ ) end -}} ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL From fbc438936d086d3ad5c7d2763446e3cf829288fb Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 12 May 2023 16:51:33 -0700 Subject: [PATCH 037/142] Add `--enable-option-checking=fatal` to `configure` flags Also, remove deprecated/removed `--with-krb5` (deprecated in 8.3, removed in 9.4; https://github.com/postgres/postgres/commit/98de86e4221a418d670db86bf28ff15e880beadc). --- 11/alpine/Dockerfile | 2 +- 12/alpine/Dockerfile | 2 +- 13/alpine/Dockerfile | 2 +- 14/alpine/Dockerfile | 2 +- 15/alpine/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile index 6dad831545..ff1b3973f3 100644 --- a/11/alpine/Dockerfile +++ b/11/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile index 4698d75fc9..74854956da 100644 --- a/12/alpine/Dockerfile +++ b/12/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile index 29262473d4..2f3fc74b83 100644 --- a/13/alpine/Dockerfile +++ b/13/alpine/Dockerfile @@ -90,6 +90,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -106,7 +107,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/14/alpine/Dockerfile b/14/alpine/Dockerfile index 5c216546ce..464e468939 100644 --- a/14/alpine/Dockerfile +++ b/14/alpine/Dockerfile @@ -92,6 +92,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -108,7 +109,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/15/alpine/Dockerfile b/15/alpine/Dockerfile index ef886cc3ab..afbbfcaa27 100644 --- a/15/alpine/Dockerfile +++ b/15/alpine/Dockerfile @@ -94,6 +94,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -110,7 +111,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index deae2546c1..90a4e40d91 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -93,6 +93,7 @@ RUN set -eux; \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 ./configure \ + --enable-option-checking=fatal \ --build="$gnuArch" \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ @@ -109,7 +110,6 @@ RUN set -eux; \ --prefix=/usr/local \ --with-includes=/usr/local/include \ --with-libraries=/usr/local/lib \ - --with-krb5 \ --with-gssapi \ --with-ldap \ --with-tcl \ From 5ea98fe00be95fbbe642732d62af3b4dbc83f442 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 17 May 2023 15:35:34 -0700 Subject: [PATCH 038/142] Add support for multiple (up to two) concurrent Alpine versions --- 11/alpine3.17/Dockerfile | 204 ++++++++++ .../docker-entrypoint.sh | 0 11/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 12/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 12/{alpine => alpine3.18}/Dockerfile | 0 .../alpine3.18}/docker-entrypoint.sh | 0 13/alpine3.17/Dockerfile | 204 ++++++++++ .../alpine3.17}/docker-entrypoint.sh | 0 13/{alpine => alpine3.18}/Dockerfile | 0 13/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/alpine3.17/Dockerfile | 207 +++++++++++ 14/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 14/{alpine => alpine3.18}/Dockerfile | 0 14/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/alpine3.17/Dockerfile | 210 +++++++++++ 15/alpine3.17/docker-entrypoint.sh | 351 ++++++++++++++++++ 15/{alpine => alpine3.18}/Dockerfile | 0 15/alpine3.18/docker-entrypoint.sh | 351 ++++++++++++++++++ Dockerfile-alpine.template | 2 +- apply-templates.sh | 24 +- generate-stackbrew-library.sh | 8 +- versions.json | 40 +- versions.sh | 48 ++- 25 files changed, 2855 insertions(+), 51 deletions(-) create mode 100644 11/alpine3.17/Dockerfile rename 11/{alpine => alpine3.17}/docker-entrypoint.sh (100%) rename 11/{alpine => alpine3.18}/Dockerfile (100%) rename {12/alpine => 11/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 12/alpine3.17/Dockerfile rename {13/alpine => 12/alpine3.17}/docker-entrypoint.sh (100%) rename 12/{alpine => alpine3.18}/Dockerfile (100%) rename {14/alpine => 12/alpine3.18}/docker-entrypoint.sh (100%) create mode 100644 13/alpine3.17/Dockerfile rename {15/alpine => 13/alpine3.17}/docker-entrypoint.sh (100%) rename 13/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 13/alpine3.18/docker-entrypoint.sh create mode 100644 14/alpine3.17/Dockerfile create mode 100755 14/alpine3.17/docker-entrypoint.sh rename 14/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 14/alpine3.18/docker-entrypoint.sh create mode 100644 15/alpine3.17/Dockerfile create mode 100755 15/alpine3.17/docker-entrypoint.sh rename 15/{alpine => alpine3.18}/Dockerfile (100%) create mode 100755 15/alpine3.18/docker-entrypoint.sh diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile new file mode 100644 index 0000000000..208b2b20d5 --- /dev/null +++ b/11/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 11 +ENV PG_VERSION 11.20 +ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 11/alpine/docker-entrypoint.sh rename to 11/alpine3.17/docker-entrypoint.sh diff --git a/11/alpine/Dockerfile b/11/alpine3.18/Dockerfile similarity index 100% rename from 11/alpine/Dockerfile rename to 11/alpine3.18/Dockerfile diff --git a/12/alpine/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 12/alpine/docker-entrypoint.sh rename to 11/alpine3.18/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile new file mode 100644 index 0000000000..c12af4635b --- /dev/null +++ b/12/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 12 +ENV PG_VERSION 12.15 +ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/alpine/docker-entrypoint.sh b/12/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 13/alpine/docker-entrypoint.sh rename to 12/alpine3.17/docker-entrypoint.sh diff --git a/12/alpine/Dockerfile b/12/alpine3.18/Dockerfile similarity index 100% rename from 12/alpine/Dockerfile rename to 12/alpine3.18/Dockerfile diff --git a/14/alpine/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh similarity index 100% rename from 14/alpine/docker-entrypoint.sh rename to 12/alpine3.18/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile new file mode 100644 index 0000000000..1991131da1 --- /dev/null +++ b/13/alpine3.17/Dockerfile @@ -0,0 +1,204 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 13 +ENV PG_VERSION 13.11 +ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine/docker-entrypoint.sh b/13/alpine3.17/docker-entrypoint.sh similarity index 100% rename from 15/alpine/docker-entrypoint.sh rename to 13/alpine3.17/docker-entrypoint.sh diff --git a/13/alpine/Dockerfile b/13/alpine3.18/Dockerfile similarity index 100% rename from 13/alpine/Dockerfile rename to 13/alpine3.18/Dockerfile diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/13/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile new file mode 100644 index 0000000000..ebdda2f29f --- /dev/null +++ b/14/alpine3.17/Dockerfile @@ -0,0 +1,207 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 14 +ENV PG_VERSION 14.8 +ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/alpine/Dockerfile b/14/alpine3.18/Dockerfile similarity index 100% rename from 14/alpine/Dockerfile rename to 14/alpine3.18/Dockerfile diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/14/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile new file mode 100644 index 0000000000..42c7ee1dbb --- /dev/null +++ b/15/alpine3.17/Dockerfile @@ -0,0 +1,210 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 15 +ENV PG_VERSION 15.3 +ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-gnu-ld \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/alpine/Dockerfile b/15/alpine3.18/Dockerfile similarity index 100% rename from 15/alpine/Dockerfile rename to 15/alpine3.18/Dockerfile diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/15/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 90a4e40d91..aacb2b1d07 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,4 @@ -FROM alpine:{{ .alpine }} +FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/apply-templates.sh b/apply-templates.sh index b4c1a33d7f..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -34,7 +34,7 @@ for version; do major="$(jq -r '.[env.version].major' versions.json)" - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" rm -rf "$version" @@ -47,19 +47,21 @@ for version; do echo "processing $dir ..." - if [ "$variant" = 'alpine' ]; then - template='Dockerfile-alpine.template' - else - template='Dockerfile-debian.template' - fi + cp -a docker-entrypoint.sh "$dir/" + + case "$variant" in + alpine*) + template='Dockerfile-alpine.template' + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + ;; + *) + template='Dockerfile-debian.template' + ;; + esac + { generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" - - cp -a docker-entrypoint.sh "$dir/" - if [ "$variant" = 'alpine' ]; then - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" - fi done done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cef5d3534f..b977cc6561 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -76,9 +76,10 @@ join() { for version; do export version - variants="$(jq -r '.[env.version].debianSuites + ["alpine"] | map(@sh) | join(" ")' versions.json)" + variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" eval "variants=( $variants )" + alpine="$(jq -r '.[env.version].alpine' versions.json)" debian="$(jq -r '.[env.version].debian' versions.json)" fullVersion="$(jq -r '.[env.version].version' versions.json)" @@ -115,9 +116,8 @@ for version; do "${variantAliases[@]}" ) ;; - alpine) - alpine="alpine${parent#*:}" - variantAliases+=( "${versionAliases[@]/%/-$alpine}" ) + alpine"$alpine") + variantAliases+=( "${versionAliases[@]/%/-alpine}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) ;; esac diff --git a/versions.json b/versions.json index 0125a3470e..ae4a3cdb4e 100644 --- a/versions.json +++ b/versions.json @@ -11,11 +11,13 @@ "version": "11.20-1.pgdg110+1" }, "debian": "", - "debianSuites": [ - "bullseye" - ], "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "11.20" }, "12": { @@ -30,11 +32,13 @@ "version": "12.15-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "12.15" }, "13": { @@ -49,11 +53,13 @@ "version": "13.11-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "13.11" }, "14": { @@ -68,11 +74,13 @@ "version": "14.8-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "14.8" }, "15": { @@ -87,11 +95,13 @@ "version": "15.3-1.pgdg110+1" }, "debian": "bullseye", - "debianSuites": [ - "bullseye" - ], "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], "version": "15.3" } } diff --git a/versions.sh b/versions.sh index ff29867cfb..90641fa88a 100755 --- a/versions.sh +++ b/versions.sh @@ -1,15 +1,19 @@ #!/usr/bin/env bash set -Eeuo pipefail -# https://github.com/docker-library/postgres/issues/582 😬 -defaultDebianSuite='bullseye' -declare -A debianSuites=( - [11]='' -) -allDebianSuites=( +# we will support at most two entries in each of these lists, and both should be in descending order +supportedDebianSuites=( bullseye ) -defaultAlpineVersion='3.18' +supportedAlpineVersions=( + 3.18 + 3.17 +) +defaultDebianSuite="${supportedDebianSuites[0]}" +declare -A debianSuites=( + [11]='' # https://github.com/docker-library/postgres/issues/582 😬 +) +defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( #[14]='3.16' ) @@ -35,6 +39,8 @@ _raw_package_list() { curl -fsSL "$packagesBase/$suite-pgdg/$component/binary-$arch/Packages.bz2" | bunzip2 } fetch_suite_package_list() { + local -; set +x # make sure running with "set -x" doesn't spam the terminal with the raw package lists + local suite="$1"; shift local version="$1"; shift local arch="$1"; shift @@ -82,24 +88,20 @@ for version in "${versions[@]}"; do debian: env.versionDebianSuite, }')" - versionDebianSuites=() - for suite in "${allDebianSuites[@]}"; do - versionDebianSuites+=( "$suite" ) - done - fullVersion= - for suite in "${versionDebianSuites[@]}"; do + for suite in "${supportedDebianSuites[@]}"; do fetch_suite_package_list "$suite" "$version" 'amd64' - suiteVersion="$(awk_package_list "$suite" "$version" 'amd64' ' + suiteVersions="$(awk_package_list "$suite" "$version" 'amd64' ' $1 == "Package" { pkg = $2 } - $1 == "Version" && pkg == "postgresql-" version { print $2; exit } - ')" - srcVersion="${suiteVersion%%-*}" + $1 == "Version" && pkg == "postgresql-" version { print $2 } + ' | sort -V)" + suiteVersion="$(tail -1 <<<"$suiteVersions")" # "15~beta4-1.pgdg110+1" + srcVersion="${suiteVersion%%-*}" # "15~beta4" tilde='~' - srcVersion="${srcVersion//$tilde/}" + srcVersion="${srcVersion//$tilde/}" # "15beta4" [ -n "$fullVersion" ] || fullVersion="$srcVersion" if [ "$fullVersion" != "$srcVersion" ]; then - echo >&2 "warning: $version should be '$fullVersion' but $suite is '$srcVersion'" + echo >&2 "warning: $version should be '$fullVersion' but $suite has '$srcVersion' ($suiteVersion)" continue fi @@ -122,7 +124,13 @@ for version in "${versions[@]}"; do version: env.suiteVersion, arches: $arches, } - | .debianSuites += [ env.suite ] + | .variants += [ env.suite ] + ')" + done + + for alpineVersion in "${supportedAlpineVersions[@]}"; do + doc="$(jq <<<"$doc" -c --arg v "$alpineVersion" ' + .variants += [ "alpine" + $v ] ')" done From 4fe55381bab76d0d39195f84e00cfdd0759e65c0 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 30 May 2023 14:40:50 -0700 Subject: [PATCH 039/142] Add postgres 16 beta1 --- 16/alpine3.17/Dockerfile | 209 +++++++++++++++++ 16/alpine3.17/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/alpine3.18/Dockerfile | 209 +++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ 16/bullseye/Dockerfile | 219 ++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++ Dockerfile-alpine.template | 4 + versions.json | 21 ++ 8 files changed, 1715 insertions(+) create mode 100644 16/alpine3.17/Dockerfile create mode 100755 16/alpine3.17/docker-entrypoint.sh create mode 100644 16/alpine3.18/Dockerfile create mode 100755 16/alpine3.18/docker-entrypoint.sh create mode 100644 16/bullseye/Dockerfile create mode 100755 16/bullseye/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile new file mode 100644 index 0000000000..4e40b1427a --- /dev/null +++ b/16/alpine3.17/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.17 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.17/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.17/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile new file mode 100644 index 0000000000..47895ab1ee --- /dev/null +++ b/16/alpine3.18/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.18 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 16 +ENV PG_VERSION 16beta1 +ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-thread-safety \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world; \ + make install-world; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh new file mode 100755 index 0000000000..a383a36487 --- /dev/null +++ b/16/alpine3.18/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile new file mode 100644 index 0000000000..4fc142b9d8 --- /dev/null +++ b/16/bullseye/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bullseye/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index aacb2b1d07..c581fe0ecf 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -104,7 +104,11 @@ RUN set -eux; \ # --enable-debug \ --disable-rpath \ --with-uuid=e2fs \ +{{ # in 16: "configure: error: unrecognized options: --with-gnu-ld" -}} +{{ # https://github.com/postgres/postgres/commit/9db49fc5bfdc0126be03f4b8986013e59d93b91d -}} +{{ if .major <= 15 then ( -}} --with-gnu-ld \ +{{ ) else "" end -}} --with-pgport=5432 \ --with-system-tzdata=/usr/share/zoneinfo \ --prefix=/usr/local \ diff --git a/versions.json b/versions.json index ae4a3cdb4e..ec1cc70c88 100644 --- a/versions.json +++ b/versions.json @@ -103,5 +103,26 @@ "alpine3.17" ], "version": "15.3" + }, + "16": { + "alpine": "3.18", + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg110+1" + }, + "debian": "bullseye", + "major": 16, + "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "variants": [ + "bullseye", + "alpine3.18", + "alpine3.17" + ], + "version": "16beta1" } } From 3fda89cc5c2e588f46ae4f1ac117114c8e6814f1 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Tue, 13 Jun 2023 14:17:18 -0700 Subject: [PATCH 040/142] Add Debian bookworm variant --- 11/bookworm/Dockerfile | 219 +++++++++++++++++++ 11/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 12/bookworm/Dockerfile | 219 +++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 13/bookworm/Dockerfile | 221 +++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 14/bookworm/Dockerfile | 219 +++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 15/bookworm/Dockerfile | 219 +++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ 16/bookworm/Dockerfile | 219 +++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 351 +++++++++++++++++++++++++++++++ versions.json | 70 +++++- versions.sh | 1 + 14 files changed, 3488 insertions(+), 5 deletions(-) create mode 100644 11/bookworm/Dockerfile create mode 100755 11/bookworm/docker-entrypoint.sh create mode 100644 12/bookworm/Dockerfile create mode 100755 12/bookworm/docker-entrypoint.sh create mode 100644 13/bookworm/Dockerfile create mode 100755 13/bookworm/docker-entrypoint.sh create mode 100644 14/bookworm/Dockerfile create mode 100755 14/bookworm/docker-entrypoint.sh create mode 100644 15/bookworm/Dockerfile create mode 100755 15/bookworm/docker-entrypoint.sh create mode 100644 16/bookworm/Dockerfile create mode 100755 16/bookworm/docker-entrypoint.sh diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile new file mode 100644 index 0000000000..b0d931b2ee --- /dev/null +++ b/11/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 11 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 11.20-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/11/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile new file mode 100644 index 0000000000..32626a880b --- /dev/null +++ b/12/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 12 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 12.15-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/12/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile new file mode 100644 index 0000000000..0deeced385 --- /dev/null +++ b/13/bookworm/Dockerfile @@ -0,0 +1,221 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 13 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 13.11-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ +# we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 + DEBIAN_FRONTEND=noninteractive \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/13/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile new file mode 100644 index 0000000000..e8ce3bb2c2 --- /dev/null +++ b/14/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 14 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 14.8-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/14/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile new file mode 100644 index 0000000000..ae7ccd4f21 --- /dev/null +++ b/15/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 15 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 15.3-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/15/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile new file mode 100644 index 0000000000..d4364c95e5 --- /dev/null +++ b/16/bookworm/Dockerfile @@ -0,0 +1,219 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.16 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 16 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 16~beta1-2.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..0ae0ecf8c2 --- /dev/null +++ b/16/bookworm/docker-entrypoint.sh @@ -0,0 +1,351 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/versions.json b/versions.json index ec1cc70c88..0325e3d547 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,15 @@ { "11": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "11.20-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -14,6 +23,7 @@ "major": 11, "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -22,6 +32,15 @@ }, "12": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "12.15-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -31,10 +50,11 @@ ], "version": "12.15-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 12, "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -43,6 +63,15 @@ }, "13": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "13.11-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -52,10 +81,11 @@ ], "version": "13.11-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 13, "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -64,6 +94,15 @@ }, "14": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "14.8-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -73,10 +112,11 @@ ], "version": "14.8-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 14, "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -85,6 +125,15 @@ }, "15": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "15.3-1.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -94,10 +143,11 @@ ], "version": "15.3-1.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 15, "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" @@ -106,6 +156,15 @@ }, "16": { "alpine": "3.18", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "16~beta1-2.pgdg120+1" + }, "bullseye": { "arches": [ "amd64", @@ -115,10 +174,11 @@ ], "version": "16~beta1-2.pgdg110+1" }, - "debian": "bullseye", + "debian": "bookworm", "major": 16, "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", "variants": [ + "bookworm", "bullseye", "alpine3.18", "alpine3.17" diff --git a/versions.sh b/versions.sh index 90641fa88a..7c044441b7 100755 --- a/versions.sh +++ b/versions.sh @@ -3,6 +3,7 @@ set -Eeuo pipefail # we will support at most two entries in each of these lists, and both should be in descending order supportedDebianSuites=( + bookworm bullseye ) supportedAlpineVersions=( From cba2a05c03706daf5f9a66b93a447540b62df063 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 29 Jun 2023 17:03:10 -0700 Subject: [PATCH 041/142] Update 16 to 16beta2, bookworm 16~beta2-1.pgdg120+1, bullseye 16~beta2-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 4e40b1427a..6d625f0633 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 47895ab1ee..1176a9eaeb 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta1 -ENV PG_SHA256 59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8 +ENV PG_VERSION 16beta2 +ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d4364c95e5..b538db81e0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg120+1 +ENV PG_VERSION 16~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 4fc142b9d8..a963dbee7f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta1-2.pgdg110+1 +ENV PG_VERSION 16~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0325e3d547..8c4cb36312 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg120+1" + "version": "16~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta1-2.pgdg110+1" + "version": "16~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "59e248d434aa515fa2d31c0d161c4148f30d511dcde91f6e888684823b6849a8", + "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta1" + "version": "16beta2" } } From 16fa0f1d18f7c46f7dcac1e250b680fcb1a2e051 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:02:22 -0700 Subject: [PATCH 042/142] Update 11 to 11.21, bookworm 11.21-1.pgdg120+1, bullseye 11.21-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 4 ++-- 11/alpine3.18/Dockerfile | 4 ++-- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 208b2b20d5..7730ab0be3 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index ff1b3973f3..7de4f4ab5c 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.20 -ENV PG_SHA256 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce +ENV PG_VERSION 11.21 +ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0d931b2ee..8747b555a8 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg120+1 +ENV PG_VERSION 11.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 017d2155f4..71f22172b7 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.20-1.pgdg110+1 +ENV PG_VERSION 11.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8c4cb36312..13c44c1d35 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg120+1" + "version": "11.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.20-1.pgdg110+1" + "version": "11.21-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce", + "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.20" + "version": "11.21" }, "12": { "alpine": "3.18", From 9061f74afc30391adb6a1a35d4f7b605ecaa09b9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:14:30 -0700 Subject: [PATCH 043/142] Update 12 to 12.16, bookworm 12.16-1.pgdg120+1, bullseye 12.16-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 4 ++-- 12/alpine3.18/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index c12af4635b..19e3d03e14 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 74854956da..ae9b2ad48a 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.15 -ENV PG_SHA256 bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36 +ENV PG_VERSION 12.16 +ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 32626a880b..be1dae2d24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg120+1 +ENV PG_VERSION 12.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index dd41897d86..1af7f7eaa9 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.15-1.pgdg110+1 +ENV PG_VERSION 12.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 13c44c1d35..ae19c95664 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg120+1" + "version": "12.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.15-1.pgdg110+1" + "version": "12.16-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "bb5206e2864c1c4579938b96ea6096d155f22abf2d2cc2aa57571e3c4cb12b36", + "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.15" + "version": "12.16" }, "13": { "alpine": "3.18", From 69cf8b8aac63224380f943bd6428f088ddfb3435 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:25:03 -0700 Subject: [PATCH 044/142] Update 13 to 13.12, bookworm 13.12-1.pgdg120+1, bullseye 13.12-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 4 ++-- 13/alpine3.18/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 1991131da1..8d9822dd8d 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 2f3fc74b83..179639fa0f 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.11 -ENV PG_SHA256 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb +ENV PG_VERSION 13.12 +ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 0deeced385..63e873bbf6 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg120+1 +ENV PG_VERSION 13.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 86b4109bdc..fa1f0ee364 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.11-1.pgdg110+1 +ENV PG_VERSION 13.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae19c95664..eceb853cfe 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg120+1" + "version": "13.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.11-1.pgdg110+1" + "version": "13.12-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb", + "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.11" + "version": "13.12" }, "14": { "alpine": "3.18", From 05f691067b29d8fb4211a47da37a381d58d36691 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:35:14 -0700 Subject: [PATCH 045/142] Update 14 to 14.9, bookworm 14.9-1.pgdg120+1, bullseye 14.9-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 4 ++-- 14/alpine3.18/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index ebdda2f29f..8953fca701 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 464e468939..d349333c0a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.8 -ENV PG_SHA256 39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a +ENV PG_VERSION 14.9 +ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e8ce3bb2c2..08a11ced6a 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg120+1 +ENV PG_VERSION 14.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 7ceffde11b..0cd385b3e5 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.8-1.pgdg110+1 +ENV PG_VERSION 14.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index eceb853cfe..57ebf31cb2 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg120+1" + "version": "14.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.8-1.pgdg110+1" + "version": "14.9-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "39d38f0030737ed03835debeefee3b37d335462ce4995e2497bc38d621ebe45a", + "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.8" + "version": "14.9" }, "15": { "alpine": "3.18", From 1a73ab671b5f0f18313726e734c76bf171385c32 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 11:46:34 -0700 Subject: [PATCH 046/142] Update 15 to 15.4, bookworm 15.4-1.pgdg120+1, bullseye 15.4-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 4 ++-- 15/alpine3.18/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 42c7ee1dbb..cfab85a8e4 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index afbbfcaa27..f54cd720ff 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.3 -ENV PG_SHA256 ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932 +ENV PG_VERSION 15.4 +ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index ae7ccd4f21..a19d9b15bf 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg120+1 +ENV PG_VERSION 15.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 3a1ef4eefa..f890295e3b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.3-1.pgdg110+1 +ENV PG_VERSION 15.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 57ebf31cb2..802f1a223c 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg120+1" + "version": "15.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.3-1.pgdg110+1" + "version": "15.4-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932", + "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.3" + "version": "15.4" }, "16": { "alpine": "3.18", From ee530cc079f232f9b1045db43d8c501ee2057d6d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 10 Aug 2023 17:05:53 -0700 Subject: [PATCH 047/142] Update 16 to 16beta3, bookworm 16~beta3-1.pgdg120+2, bullseye 16~beta3-1.pgdg110+2 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 6d625f0633..64e9c67d1e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 1176a9eaeb..878e870043 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta2 -ENV PG_SHA256 ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50 +ENV PG_VERSION 16beta3 +ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index b538db81e0..5f6a1416a3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg120+1 +ENV PG_VERSION 16~beta3-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a963dbee7f..9a3655d4bc 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta2-1.pgdg110+1 +ENV PG_VERSION 16~beta3-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 802f1a223c..23690f6daa 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg120+1" + "version": "16~beta3-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta2-1.pgdg110+1" + "version": "16~beta3-1.pgdg110+2" }, "debian": "bookworm", "major": 16, - "sha256": "ba653197465180c93775b4949a89dc6fbfebae2a44587ae7168fdfd24f519b50", + "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta2" + "version": "16beta3" } } From 2f0ed0c7e8f8b05b294740f150397eec0af8dc50 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 31 Aug 2023 11:03:02 -0700 Subject: [PATCH 048/142] Update 16 to 16rc1, bookworm 16~rc1-1.pgdg120+1, bullseye 16~rc1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 64e9c67d1e..0063586f6e 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 878e870043..530c62a7ad 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16beta3 -ENV PG_SHA256 ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3 +ENV PG_VERSION 16rc1 +ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 5f6a1416a3..c699d7ae62 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg120+2 +ENV PG_VERSION 16~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9a3655d4bc..5b52b518ea 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~beta3-1.pgdg110+2 +ENV PG_VERSION 16~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 23690f6daa..9457a12a28 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg120+2" + "version": "16~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~beta3-1.pgdg110+2" + "version": "16~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ffcf44e272662f6ac451a8d6d6ff951715db651c8d4907ec659cbde46abd52d3", + "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16beta3" + "version": "16rc1" } } From 8a631b939a0b4197cb6bef49b50b6c40c80ddf5b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:02:56 -0700 Subject: [PATCH 049/142] Update 15 to bookworm 15.4-2.pgdg120+1, bullseye 15.4-2.pgdg110+1 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index a19d9b15bf..4e85949346 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg120+1 +ENV PG_VERSION 15.4-2.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f890295e3b..0e8bc89675 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-1.pgdg110+1 +ENV PG_VERSION 15.4-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9457a12a28..cc8643a567 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg120+1" + "version": "15.4-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "15.4-1.pgdg110+1" + "version": "15.4-2.pgdg110+1" }, "debian": "bookworm", "major": 15, From 7442464585e3cd75554976cbe94819a42da10bbd Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Sep 2023 11:21:14 -0700 Subject: [PATCH 050/142] Update 16 to 16.0, bookworm 16.0-1.pgdg120+1, bullseye 16.0-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 4 ++-- 16/alpine3.18/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0063586f6e..0b00e1d491 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 530c62a7ad..7d21a33740 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16rc1 -ENV PG_SHA256 ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84 +ENV PG_VERSION 16.0 +ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c699d7ae62..30ebb70a2c 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg120+1 +ENV PG_VERSION 16.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5b52b518ea..ceb76d0032 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16~rc1-1.pgdg110+1 +ENV PG_VERSION 16.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cc8643a567..11f8b35a91 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg120+1" + "version": "16.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16~rc1-1.pgdg110+1" + "version": "16.0-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce97b3f4199a702a19ced11f86d0b93bb1fa55e869129e1435210ed8d505fa84", + "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16rc1" + "version": "16.0" } } From 7df6bc166fbf0d7f28c85700235012317a22f88e Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 14 Sep 2023 14:33:51 -0700 Subject: [PATCH 051/142] Move latest to 16 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b977cc6561..9dc0d91ea1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [15]='latest' + [16]='latest' ) self="$(basename "$BASH_SOURCE")" From 6f4ae836406b010948f01fbcb400a31dca4fdf52 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Tue, 3 Oct 2023 15:59:53 -0400 Subject: [PATCH 052/142] Added inline SBOM for binaries downloaded outside package manager --- .gitignore | 1 + 11/alpine3.17/Dockerfile | 4 +++- 11/alpine3.18/Dockerfile | 4 +++- 12/alpine3.17/Dockerfile | 4 +++- 12/alpine3.18/Dockerfile | 4 +++- 13/alpine3.17/Dockerfile | 4 +++- 13/alpine3.18/Dockerfile | 4 +++- 14/alpine3.17/Dockerfile | 4 +++- 14/alpine3.18/Dockerfile | 4 +++- 15/alpine3.17/Dockerfile | 4 +++- 15/alpine3.18/Dockerfile | 4 +++- 16/alpine3.17/Dockerfile | 4 +++- 16/alpine3.18/Dockerfile | 4 +++- Dockerfile-alpine.template | 16 +++++++++++++++- apply-templates.sh | 5 +++++ 15 files changed, 57 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index d548f66de0..2a4a211b89 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .jq-template.awk +template-helper-functions.jq diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index 7730ab0be3..ba083fd7da 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 7de4f4ab5c..0c2fdd7d16 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 19e3d03e14..257b372eba 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index ae9b2ad48a..1669e4f377 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 8d9822dd8d..9510d10f56 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 179639fa0f..119d0ce90d 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -151,7 +152,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 8953fca701..a814f6d12e 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index d349333c0a..2b6788066a 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -154,7 +155,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index cfab85a8e4..3dfb914b27 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index f54cd720ff..560e8d644b 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,7 +158,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 0b00e1d491..5863fd58d3 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 7d21a33740..94437870d5 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,6 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # + FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -156,7 +157,8 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c581fe0ecf..0548c0126a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,3 +1,4 @@ +{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -164,7 +165,20 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - \ + echo '{{ + { + name: "postgres", + version: .version, + params: { + os_name: "alpine", + os_version: env.variant | ltrimstr("alpine"), + }, + licenses: [ + "PostgreSQL" + ] + } | sbom | tostring + }}' > /usr/local/postgres.spdx.json \ + ; \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 31eb541934..7b6dc1763d 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,6 +13,11 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi +jqf='template-helper-functions.jq' +if [ "$BASH_SOURCE" -nt "$jqf" ]; then + wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' +fi + if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From f2860f3faf8d0f3993389f529f8833778b08eba4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:02:26 -0800 Subject: [PATCH 053/142] Update 11 to 11.22, bookworm 11.22-1.pgdg120+1, bullseye 11.22-1.pgdg110+1 --- 11/alpine3.17/Dockerfile | 6 +++--- 11/alpine3.18/Dockerfile | 6 +++--- 11/bookworm/Dockerfile | 2 +- 11/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ba083fd7da..ea3c85deb4 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 0c2fdd7d16..76989691e7 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 11 -ENV PG_VERSION 11.21 -ENV PG_SHA256 07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 +ENV PG_VERSION 11.22 +ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 8747b555a8..ca21311f93 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg120+1 +ENV PG_VERSION 11.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 71f22172b7..18a6164560 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 11.21-1.pgdg110+1 +ENV PG_VERSION 11.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11f8b35a91..6a12de7167 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg120+1" + "version": "11.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "11.21-1.pgdg110+1" + "version": "11.22-1.pgdg110+1" }, "debian": "", "major": 11, - "sha256": "07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850", + "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "11.21" + "version": "11.22" }, "12": { "alpine": "3.18", From 038c4c577a3c58dddf9ec2ccaa643009b8ba414b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:16:09 -0800 Subject: [PATCH 054/142] Update 12 to 12.17, bookworm 12.17-1.pgdg120+1, bullseye 12.17-1.pgdg110+1 --- 12/alpine3.17/Dockerfile | 6 +++--- 12/alpine3.18/Dockerfile | 6 +++--- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 257b372eba..0143bbaa25 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 1669e4f377..66dd4e7f94 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.16 -ENV PG_SHA256 c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3 +ENV PG_VERSION 12.17 +ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index be1dae2d24..fc78b06f0b 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg120+1 +ENV PG_VERSION 12.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 1af7f7eaa9..2df49e2489 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.16-1.pgdg110+1 +ENV PG_VERSION 12.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6a12de7167..470f0c18a3 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg120+1" + "version": "12.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "12.16-1.pgdg110+1" + "version": "12.17-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "c5f1fff7a0f93e1ec3746417b0594290ece617b4995ed95b8d527af0ba0e38f3", + "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "12.16" + "version": "12.17" }, "13": { "alpine": "3.18", From ce930677d59d780645e69fa2fe68d4ac391b6d2e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:28:24 -0800 Subject: [PATCH 055/142] Update 13 to 13.13, bookworm 13.13-1.pgdg120+1, bullseye 13.13-1.pgdg110+1 --- 13/alpine3.17/Dockerfile | 6 +++--- 13/alpine3.18/Dockerfile | 6 +++--- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index 9510d10f56..f11c930e08 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 119d0ce90d..e3e5fde8f0 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.12 -ENV PG_SHA256 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b +ENV PG_VERSION 13.13 +ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 63e873bbf6..cdcab7f653 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg120+1 +ENV PG_VERSION 13.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa1f0ee364..e912263c14 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.12-1.pgdg110+1 +ENV PG_VERSION 13.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 470f0c18a3..d23bee4c55 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg120+1" + "version": "13.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "13.12-1.pgdg110+1" + "version": "13.13-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b", + "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "13.12" + "version": "13.13" }, "14": { "alpine": "3.18", From d7660ac1e7417041e5197861d7d8c3d0954c83c4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:39:00 -0800 Subject: [PATCH 056/142] Update 14 to 14.10, bookworm 14.10-1.pgdg120+1, bullseye 14.10-1.pgdg110+1 --- 14/alpine3.17/Dockerfile | 6 +++--- 14/alpine3.18/Dockerfile | 6 +++--- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index a814f6d12e..69867775cc 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 2b6788066a..6efb1f3ae4 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.9 -ENV PG_SHA256 b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef +ENV PG_VERSION 14.10 +ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 08a11ced6a..9a2c737c0b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg120+1 +ENV PG_VERSION 14.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0cd385b3e5..ecb7ffe02d 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.9-1.pgdg110+1 +ENV PG_VERSION 14.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d23bee4c55..2d0c30403d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg120+1" + "version": "14.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "14.9-1.pgdg110+1" + "version": "14.10-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef", + "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "14.9" + "version": "14.10" }, "15": { "alpine": "3.18", From da624f9e2e26fd185c73532ec52203aa3683f4db Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 11:51:15 -0800 Subject: [PATCH 057/142] Update 15 to 15.5, bookworm 15.5-1.pgdg120+1, bullseye 15.5-1.pgdg110+1 --- 15/alpine3.17/Dockerfile | 6 +++--- 15/alpine3.18/Dockerfile | 6 +++--- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index 3dfb914b27..ea6eb5b385 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 560e8d644b..7099900433 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.4 -ENV PG_SHA256 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 +ENV PG_VERSION 15.5 +ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 4e85949346..6354b9fd02 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg120+1 +ENV PG_VERSION 15.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 0e8bc89675..ee6020db00 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.4-2.pgdg110+1 +ENV PG_VERSION 15.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 2d0c30403d..62c9bf46a9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg120+1" + "version": "15.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "15.4-2.pgdg110+1" + "version": "15.5-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9", + "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "15.4" + "version": "15.5" }, "16": { "alpine": "3.18", From f85674ce472bc78b8b8a0478dacd595e44cb9616 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 Nov 2023 12:04:26 -0800 Subject: [PATCH 058/142] Update 16 to 16.1, bookworm 16.1-1.pgdg120+1, bullseye 16.1-1.pgdg110+1 --- 16/alpine3.17/Dockerfile | 6 +++--- 16/alpine3.18/Dockerfile | 6 +++--- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index 5863fd58d3..a257139f77 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 94437870d5..17961b3ac1 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -24,8 +24,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.0 -ENV PG_SHA256 df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 +ENV PG_VERSION 16.1 +ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 30ebb70a2c..a89f7ee3af 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg120+1 +ENV PG_VERSION 16.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ceb76d0032..53237b4998 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.0-1.pgdg110+1 +ENV PG_VERSION 16.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 62c9bf46a9..f4acc7ebf5 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg120+1" + "version": "16.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "16.0-1.pgdg110+1" + "version": "16.1-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99", + "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", "variants": [ "bookworm", "bullseye", "alpine3.18", "alpine3.17" ], - "version": "16.0" + "version": "16.1" } } From 2468c9d91a2ef4055411e09c42cd054732ebf579 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 16:11:07 -0800 Subject: [PATCH 059/142] Update permissions from 777 to 1777 (redux) I somehow missed Debian in 25b3034e9b0155c3e71acaf650243e7d12a571c1 (only updated Alpine), so this updates Debian in the same way. > This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. > > This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine3.17/Dockerfile | 2 +- 11/alpine3.18/Dockerfile | 2 +- 11/bookworm/Dockerfile | 6 +++--- 11/bullseye/Dockerfile | 6 +++--- 12/alpine3.17/Dockerfile | 2 +- 12/alpine3.18/Dockerfile | 2 +- 12/bookworm/Dockerfile | 6 +++--- 12/bullseye/Dockerfile | 6 +++--- 13/alpine3.17/Dockerfile | 2 +- 13/alpine3.18/Dockerfile | 2 +- 13/bookworm/Dockerfile | 6 +++--- 13/bullseye/Dockerfile | 6 +++--- 14/alpine3.17/Dockerfile | 2 +- 14/alpine3.18/Dockerfile | 2 +- 14/bookworm/Dockerfile | 6 +++--- 14/bullseye/Dockerfile | 6 +++--- 15/alpine3.17/Dockerfile | 2 +- 15/alpine3.18/Dockerfile | 2 +- 15/bookworm/Dockerfile | 6 +++--- 15/bullseye/Dockerfile | 6 +++--- 16/alpine3.17/Dockerfile | 2 +- 16/alpine3.18/Dockerfile | 2 +- 16/bookworm/Dockerfile | 6 +++--- 16/bullseye/Dockerfile | 6 +++--- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 6 +++--- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ea3c85deb4..6675a1cb21 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 76989691e7..8e5d701a7d 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index ca21311f93..69f863bef2 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 18a6164560..f7bb865651 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 0143bbaa25..f7f9284cbf 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 66dd4e7f94..fde4049703 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index fc78b06f0b..4203c226e1 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2df49e2489..ad25a552ad 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index f11c930e08..ab7ceab4b1 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index e3e5fde8f0..cd9936c4c4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cdcab7f653..9b1dab9be8 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e912263c14..be787cf111 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 69867775cc..4283c5f1b0 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 6efb1f3ae4..9856dcc54b 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 9a2c737c0b..36a84c8abf 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index ecb7ffe02d..798ca635eb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index ea6eb5b385..324f745d35 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 7099900433..8fda3e0adf 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 6354b9fd02..3f9eff6e8e 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ee6020db00..f93842e4b2 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index a257139f77..ef93501447 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 17961b3ac1..c93ecdb229 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a89f7ee3af..55e6934a4a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 53237b4998..3d650c2b79 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0548c0126a..efbccde00e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -190,7 +190,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index aeca3d8d32..0d897a9af4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -173,11 +173,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ From 55e45ba6bb06af775f14515e76c0e8906fa0035d Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 13:17:35 -0800 Subject: [PATCH 060/142] Debian images: Use locale-gen instead of localdef The use of manually calling localdef caused any future update to the locales package to remove the manually installed locales, since locale-gen takes precendence. This would usually be encountered when a downstream Dockerfile added additional packages, and as a side effect caused an upgrade to the locales package. Fix by relying on the /etc/locale.gen file, which is the official place to specify which locales should be installed. Fixes #1112 --- 11/bookworm/Dockerfile | 3 ++- 11/bullseye/Dockerfile | 3 ++- 12/bookworm/Dockerfile | 3 ++- 12/bullseye/Dockerfile | 3 ++- 13/bookworm/Dockerfile | 3 ++- 13/bullseye/Dockerfile | 3 ++- 14/bookworm/Dockerfile | 3 ++- 14/bullseye/Dockerfile | 3 ++- 15/bookworm/Dockerfile | 3 ++- 15/bullseye/Dockerfile | 3 ++- 16/bookworm/Dockerfile | 3 ++- 16/bullseye/Dockerfile | 3 ++- Dockerfile-debian.template | 3 ++- 13 files changed, 26 insertions(+), 13 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index 69f863bef2..b0b53d519b 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index f7bb865651..0de7a2e8b9 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4203c226e1..376ea147a0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index ad25a552ad..354ee5e25c 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9b1dab9be8..c37ad7fc5f 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index be787cf111..83f6d9fd84 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 36a84c8abf..1eb9c3eeb9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 798ca635eb..401e823764 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3f9eff6e8e..60741cddbd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index f93842e4b2..1b5ca69a65 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 55e6934a4a..359a948d40 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3d650c2b79..a906a74505 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,7 +55,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 0d897a9af4..1dced5e469 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,7 +49,8 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 + echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ + locale-gen ENV LANG en_US.utf8 RUN set -eux; \ From a42b68455866552c2ad2fc9a8e18d46b50712139 Mon Sep 17 00:00:00 2001 From: Lukas Fittl Date: Thu, 7 Dec 2023 14:37:56 -0800 Subject: [PATCH 061/142] Debian packages: Add explicit check for locale-gen creating locales In case Debian changes the logic of how locale-gen works, this will flag it early during the build process. --- 11/bookworm/Dockerfile | 5 +++-- 11/bullseye/Dockerfile | 5 +++-- 12/bookworm/Dockerfile | 5 +++-- 12/bullseye/Dockerfile | 5 +++-- 13/bookworm/Dockerfile | 5 +++-- 13/bullseye/Dockerfile | 5 +++-- 14/bookworm/Dockerfile | 5 +++-- 14/bullseye/Dockerfile | 5 +++-- 15/bookworm/Dockerfile | 5 +++-- 15/bullseye/Dockerfile | 5 +++-- 16/bookworm/Dockerfile | 5 +++-- 16/bullseye/Dockerfile | 5 +++-- Dockerfile-debian.template | 5 +++-- 13 files changed, 39 insertions(+), 26 deletions(-) diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index b0b53d519b..4406b7a246 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 0de7a2e8b9..ce3e8bb562 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 376ea147a0..165a9666bf 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 354ee5e25c..6a6dd9ee59 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c37ad7fc5f..d97ed4221c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 83f6d9fd84..d88766fc44 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 1eb9c3eeb9..e99b2427b9 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 401e823764..d8d3461190 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 60741cddbd..e51062e703 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 1b5ca69a65..2bde90139d 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 359a948d40..684c6ee36a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index a906a74505..ecc31fc106 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -55,8 +55,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1dced5e469..3d1884be00 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -49,8 +49,9 @@ RUN set -eux; \ ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ fi; \ apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo en_US.UTF-8 UTF-8 >> /etc/locale.gen; \ - locale-gen + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' ENV LANG en_US.utf8 RUN set -eux; \ From 25f6ba56f915bb41b2e2def0ed3acc5ae5439f44 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:47:00 +0100 Subject: [PATCH 062/142] Add alpine 3.19 --- 11/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 12/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 13/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 14/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 15/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 16/{alpine3.17 => alpine3.19}/Dockerfile | 4 +-- .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 14 files changed, 31 insertions(+), 31 deletions(-) rename 11/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 11/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 12/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 12/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 13/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 13/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 14/{alpine3.17 => alpine3.19}/Dockerfile (98%) rename 14/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 15/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 15/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) rename 16/{alpine3.17 => alpine3.19}/Dockerfile (99%) rename 16/{alpine3.17 => alpine3.19}/docker-entrypoint.sh (100%) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.19/Dockerfile similarity index 98% rename from 11/alpine3.17/Dockerfile rename to 11/alpine3.19/Dockerfile index 6675a1cb21..a76eb7be7e 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/11/alpine3.17/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 11/alpine3.17/docker-entrypoint.sh rename to 11/alpine3.19/docker-entrypoint.sh diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.19/Dockerfile similarity index 98% rename from 12/alpine3.17/Dockerfile rename to 12/alpine3.19/Dockerfile index f7f9284cbf..6f3347c0ff 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/12/alpine3.17/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.17/docker-entrypoint.sh rename to 12/alpine3.19/docker-entrypoint.sh diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.19/Dockerfile similarity index 98% rename from 13/alpine3.17/Dockerfile rename to 13/alpine3.19/Dockerfile index ab7ceab4b1..e82d1b9db4 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -152,7 +152,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/13/alpine3.17/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.17/docker-entrypoint.sh rename to 13/alpine3.19/docker-entrypoint.sh diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.19/Dockerfile similarity index 98% rename from 14/alpine3.17/Dockerfile rename to 14/alpine3.19/Dockerfile index 4283c5f1b0..20ac720b77 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -155,7 +155,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/14/alpine3.17/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.17/docker-entrypoint.sh rename to 14/alpine3.19/docker-entrypoint.sh diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.19/Dockerfile similarity index 99% rename from 15/alpine3.17/Dockerfile rename to 15/alpine3.19/Dockerfile index 324f745d35..d419a42cae 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -158,7 +158,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/15/alpine3.17/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.17/docker-entrypoint.sh rename to 15/alpine3.19/docker-entrypoint.sh diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.19/Dockerfile similarity index 99% rename from 16/alpine3.17/Dockerfile rename to 16/alpine3.19/Dockerfile index ef93501447..0f98b442c0 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -5,7 +5,7 @@ # -FROM alpine:3.17 +FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -157,7 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ + echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ ; \ postgres --version diff --git a/16/alpine3.17/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.17/docker-entrypoint.sh rename to 16/alpine3.19/docker-entrypoint.sh diff --git a/versions.json b/versions.json index f4acc7ebf5..cb4d0f2acd 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "11": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "11.22" }, "12": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "12.17" }, "13": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "13.13" }, "14": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "14.10" }, "15": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "15.5" }, "16": { - "alpine": "3.18", + "alpine": "3.19", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.18", - "alpine3.17" + "alpine3.19", + "alpine3.18" ], "version": "16.1" } diff --git a/versions.sh b/versions.sh index 7c044441b7..50285beefb 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.19 3.18 - 3.17 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 3e5f87d0d0e13cad06ae7cdd07399baa5ece2d5f Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Fri, 8 Dec 2023 17:02:44 -0800 Subject: [PATCH 063/142] Remove PostgreSQL 11 since it is end of life https://www.postgresql.org/support/versioning/ --- 11/alpine3.18/Dockerfile | 206 ----------------- 11/alpine3.18/docker-entrypoint.sh | 351 ----------------------------- 11/alpine3.19/Dockerfile | 206 ----------------- 11/alpine3.19/docker-entrypoint.sh | 351 ----------------------------- 11/bookworm/Dockerfile | 221 ------------------ 11/bookworm/docker-entrypoint.sh | 351 ----------------------------- 11/bullseye/Dockerfile | 221 ------------------ 11/bullseye/docker-entrypoint.sh | 351 ----------------------------- versions.json | 31 --- versions.sh | 3 +- 10 files changed, 1 insertion(+), 2291 deletions(-) delete mode 100644 11/alpine3.18/Dockerfile delete mode 100755 11/alpine3.18/docker-entrypoint.sh delete mode 100644 11/alpine3.19/Dockerfile delete mode 100755 11/alpine3.19/docker-entrypoint.sh delete mode 100644 11/bookworm/Dockerfile delete mode 100755 11/bookworm/docker-entrypoint.sh delete mode 100644 11/bullseye/Dockerfile delete mode 100755 11/bullseye/docker-entrypoint.sh diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile deleted file mode 100644 index 8e5d701a7d..0000000000 --- a/11/alpine3.18/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.18 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.18/docker-entrypoint.sh b/11/alpine3.18/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.18/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/alpine3.19/Dockerfile b/11/alpine3.19/Dockerfile deleted file mode 100644 index a76eb7be7e..0000000000 --- a/11/alpine3.19/Dockerfile +++ /dev/null @@ -1,206 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - - -FROM alpine:3.19 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -# su-exec (gosu-compatible) is installed further down - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 11 -ENV PG_VERSION 11.22 -ENV PG_SHA256 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world; \ - make install-world; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - su-exec \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/alpine3.19/docker-entrypoint.sh b/11/alpine3.19/docker-entrypoint.sh deleted file mode 100755 index a383a36487..0000000000 --- a/11/alpine3.19/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile deleted file mode 100644 index 4406b7a246..0000000000 --- a/11/bookworm/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bookworm/docker-entrypoint.sh b/11/bookworm/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile deleted file mode 100644 index ce3e8bb562..0000000000 --- a/11/bullseye/Dockerfile +++ /dev/null @@ -1,221 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 11 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 11.22-1.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. -# -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/12/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/11/bullseye/docker-entrypoint.sh b/11/bullseye/docker-entrypoint.sh deleted file mode 100755 index 0ae0ecf8c2..0000000000 --- a/11/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/versions.json b/versions.json index cb4d0f2acd..f252bb90a5 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "11": { - "alpine": "3.19", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "11.22-1.pgdg110+1" - }, - "debian": "", - "major": 11, - "sha256": "2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0", - "variants": [ - "bookworm", - "bullseye", - "alpine3.19", - "alpine3.18" - ], - "version": "11.22" - }, "12": { "alpine": "3.19", "bookworm": { diff --git a/versions.sh b/versions.sh index 50285beefb..b50f99ed38 100755 --- a/versions.sh +++ b/versions.sh @@ -12,7 +12,6 @@ supportedAlpineVersions=( ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( - [11]='' # https://github.com/docker-library/postgres/issues/582 😬 ) defaultAlpineVersion="${supportedAlpineVersions[0]}" declare -A alpineVersions=( @@ -81,7 +80,7 @@ for version in "${versions[@]}"; do export version versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" - versionDebianSuite="${debianSuites[$version]-$defaultDebianSuite}" # intentionally missing ":" so it can be empty (again, https://github.com/docker-library/postgres/issues/582 😭) + versionDebianSuite="${debianSuites[$version]:-$defaultDebianSuite}" export versionAlpineVersion versionDebianSuite doc="$(jq -nc '{ From c86568af4a6861cb30b8f1b736b0868a3129bdd6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 15:50:55 -0800 Subject: [PATCH 064/142] Add new "docker-ensure-initdb.sh" script This mimics the behavior of `docker-entrypoint.sh` before it starts the PostgreSQL server. It has three main goals/uses: 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution (no-op if database is already initialized) 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use (error if database is already initialized) --- .gitattributes | 7 +-- 12/alpine3.18/Dockerfile | 3 +- 12/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.18/docker-entrypoint.sh | 1 + 12/alpine3.19/Dockerfile | 3 +- 12/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/alpine3.19/docker-entrypoint.sh | 1 + 12/bookworm/Dockerfile | 3 +- 12/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bookworm/docker-entrypoint.sh | 1 + 12/bullseye/Dockerfile | 3 +- 12/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 12/bullseye/docker-entrypoint.sh | 1 + 13/alpine3.18/Dockerfile | 3 +- 13/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.18/docker-entrypoint.sh | 1 + 13/alpine3.19/Dockerfile | 3 +- 13/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/alpine3.19/docker-entrypoint.sh | 1 + 13/bookworm/Dockerfile | 3 +- 13/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bookworm/docker-entrypoint.sh | 1 + 13/bullseye/Dockerfile | 3 +- 13/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 13/bullseye/docker-entrypoint.sh | 1 + 14/alpine3.18/Dockerfile | 3 +- 14/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.18/docker-entrypoint.sh | 1 + 14/alpine3.19/Dockerfile | 3 +- 14/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/alpine3.19/docker-entrypoint.sh | 1 + 14/bookworm/Dockerfile | 3 +- 14/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bookworm/docker-entrypoint.sh | 1 + 14/bullseye/Dockerfile | 3 +- 14/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 14/bullseye/docker-entrypoint.sh | 1 + 15/alpine3.18/Dockerfile | 3 +- 15/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.18/docker-entrypoint.sh | 1 + 15/alpine3.19/Dockerfile | 3 +- 15/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/alpine3.19/docker-entrypoint.sh | 1 + 15/bookworm/Dockerfile | 3 +- 15/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bookworm/docker-entrypoint.sh | 1 + 15/bullseye/Dockerfile | 3 +- 15/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 15/bullseye/docker-entrypoint.sh | 1 + 16/alpine3.18/Dockerfile | 3 +- 16/alpine3.18/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.18/docker-entrypoint.sh | 1 + 16/alpine3.19/Dockerfile | 3 +- 16/alpine3.19/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/alpine3.19/docker-entrypoint.sh | 1 + 16/bookworm/Dockerfile | 3 +- 16/bookworm/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bookworm/docker-entrypoint.sh | 1 + 16/bullseye/Dockerfile | 3 +- 16/bullseye/docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ 16/bullseye/docker-entrypoint.sh | 1 + Dockerfile-alpine.template | 3 +- Dockerfile-debian.template | 3 +- apply-templates.sh | 4 +- docker-ensure-initdb.sh | 71 +++++++++++++++++++++++++++ docker-entrypoint.sh | 1 + 66 files changed, 1562 insertions(+), 27 deletions(-) create mode 100755 12/alpine3.18/docker-ensure-initdb.sh create mode 100755 12/alpine3.19/docker-ensure-initdb.sh create mode 100755 12/bookworm/docker-ensure-initdb.sh create mode 100755 12/bullseye/docker-ensure-initdb.sh create mode 100755 13/alpine3.18/docker-ensure-initdb.sh create mode 100755 13/alpine3.19/docker-ensure-initdb.sh create mode 100755 13/bookworm/docker-ensure-initdb.sh create mode 100755 13/bullseye/docker-ensure-initdb.sh create mode 100755 14/alpine3.18/docker-ensure-initdb.sh create mode 100755 14/alpine3.19/docker-ensure-initdb.sh create mode 100755 14/bookworm/docker-ensure-initdb.sh create mode 100755 14/bullseye/docker-ensure-initdb.sh create mode 100755 15/alpine3.18/docker-ensure-initdb.sh create mode 100755 15/alpine3.19/docker-ensure-initdb.sh create mode 100755 15/bookworm/docker-ensure-initdb.sh create mode 100755 15/bullseye/docker-ensure-initdb.sh create mode 100755 16/alpine3.18/docker-ensure-initdb.sh create mode 100755 16/alpine3.19/docker-ensure-initdb.sh create mode 100755 16/bookworm/docker-ensure-initdb.sh create mode 100755 16/bullseye/docker-ensure-initdb.sh create mode 100755 docker-ensure-initdb.sh diff --git a/.gitattributes b/.gitattributes index 14a112269e..4d1ee06a43 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ -/*/**/Dockerfile linguist-generated -/*/**/docker-entrypoint.sh linguist-generated -/Dockerfile*.template linguist-language=Dockerfile +/*/**/Dockerfile linguist-generated +/*/**/docker-ensure-initdb.sh linguist-generated +/*/**/docker-entrypoint.sh linguist-generated +/Dockerfile*.template linguist-language=Dockerfile diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..3e001b1aa2 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..05b1be0566 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 165a9666bf..647dc8dc43 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 6a6dd9ee59..82386336a2 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/12/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..22fbdc8ed4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..2bc16e1885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -169,7 +169,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index d97ed4221c..1086785f54 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bookworm/docker-ensure-initdb.sh b/13/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index d88766fc44..0f2b30c55e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -186,7 +186,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/13/bullseye/docker-ensure-initdb.sh b/13/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/13/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..341fb0e3f9 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..fdd06f4f20 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -172,7 +172,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e99b2427b9..4905043349 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bookworm/docker-ensure-initdb.sh b/14/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index d8d3461190..95e24e495a 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/14/bullseye/docker-ensure-initdb.sh b/14/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/14/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..7a14aa21fe 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..77e01e3a9c 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -175,7 +175,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index e51062e703..af0da3d468 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bookworm/docker-ensure-initdb.sh b/15/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2bde90139d..2d9db9bb37 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/15/bullseye/docker-ensure-initdb.sh b/15/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/15/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..c96c944ca2 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.18/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.18/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..9228071a3e 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -174,7 +174,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..151d75ef96 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 684c6ee36a..15369fd019 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bookworm/docker-ensure-initdb.sh b/16/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ecc31fc106..b132cc211b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -184,7 +184,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/16/bullseye/docker-ensure-initdb.sh b/16/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/16/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..23e53677e1 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -194,7 +194,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 3d1884be00..588fced34d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -182,7 +182,8 @@ ENV PGDATA /var/lib/postgresql/data RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data -COPY docker-entrypoint.sh /usr/local/bin/ +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..fb375d379f 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -52,12 +52,12 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh "$dir/" + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" + sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' diff --git a/docker-ensure-initdb.sh b/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..6d197bc01f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -225,6 +225,7 @@ docker_setup_env() { : "${POSTGRES_HOST_AUTH_METHOD:=}" declare -g DATABASE_ALREADY_EXISTS + : "${DATABASE_ALREADY_EXISTS:=}" # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' From 1d4651c6c9ee4caf314a62a41111e7c65710f77e Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 11 Dec 2023 10:50:20 -0500 Subject: [PATCH 065/142] Revert "Added inline SBOM for binaries downloaded outside package manager" This reverts commit 6f4ae836406b010948f01fbcb400a31dca4fdf52. --- .gitignore | 1 - 12/alpine3.18/Dockerfile | 4 +--- 12/alpine3.19/Dockerfile | 4 +--- 13/alpine3.18/Dockerfile | 4 +--- 13/alpine3.19/Dockerfile | 4 +--- 14/alpine3.18/Dockerfile | 4 +--- 14/alpine3.19/Dockerfile | 4 +--- 15/alpine3.18/Dockerfile | 4 +--- 15/alpine3.19/Dockerfile | 4 +--- 16/alpine3.18/Dockerfile | 4 +--- 16/alpine3.19/Dockerfile | 4 +--- Dockerfile-alpine.template | 16 +--------------- apply-templates.sh | 5 ----- 13 files changed, 11 insertions(+), 51 deletions(-) diff --git a/.gitignore b/.gitignore index 2a4a211b89..d548f66de0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ .jq-template.awk -template-helper-functions.jq diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..13907f6199 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..d3c4866ae1 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..ae0476428e 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..b91d2ed943 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..4180502a27 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..ce011a9531 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..63e59bbb90 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..63894586fb 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..626e269ce6 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..7abdc999d8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..cd2b282f45 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,3 @@ -{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -165,20 +164,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{{ - { - name: "postgres", - version: .version, - params: { - os_name: "alpine", - os_version: env.variant | ltrimstr("alpine"), - }, - licenses: [ - "PostgreSQL" - ] - } | sbom | tostring - }}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,11 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi -jqf='template-helper-functions.jq' -if [ "$BASH_SOURCE" -nt "$jqf" ]; then - wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' -fi - if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions" From 7dece99f9177adfc46a694797fb4f0c195f46182 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 11 Dec 2023 11:39:54 -0800 Subject: [PATCH 066/142] Only print password length warning for 12 and 13 In 14+, the arbitrary length limitations have been removed from the PostgreSQL server (https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98). --- 12/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 12/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 13/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 14/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 15/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.18/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/alpine3.19/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bookworm/docker-entrypoint.sh | 24 ++++++++++++++---------- 16/bullseye/docker-entrypoint.sh | 24 ++++++++++++++---------- docker-entrypoint.sh | 24 ++++++++++++++---------- 21 files changed, 294 insertions(+), 210 deletions(-) diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.18/docker-entrypoint.sh +++ b/12/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bookworm/docker-entrypoint.sh +++ b/12/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/12/bullseye/docker-entrypoint.sh +++ b/12/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.18/docker-entrypoint.sh +++ b/13/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.18/docker-entrypoint.sh +++ b/14/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.18/docker-entrypoint.sh +++ b/15/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.18/docker-entrypoint.sh +++ b/16/alpine3.18/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index a383a36487..a50a92bf58 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0ae0ecf8c2..1a1ae5b3ef 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -103,20 +103,24 @@ docker_init_database_dir() { # print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - This will not work if used via PGPASSWORD with "psql". + This will not work if used via PGPASSWORD with "psql". - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 - EOWARN - fi + EOWARN + fi + ;; + esac if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then # The - option suppresses leading tabs but *not* spaces. :) cat >&2 <<-'EOE' From d416768b1a7f03919b9cf0fef6adc9dcad937888 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 4 Jan 2024 13:52:40 -0800 Subject: [PATCH 067/142] Add `less` to Debian variants https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) --- 12/bookworm/Dockerfile | 4 ++++ 12/bullseye/Dockerfile | 4 ++++ 13/bookworm/Dockerfile | 4 ++++ 13/bullseye/Dockerfile | 4 ++++ 14/bookworm/Dockerfile | 4 ++++ 14/bullseye/Dockerfile | 4 ++++ 15/bookworm/Dockerfile | 4 ++++ 15/bullseye/Dockerfile | 4 ++++ 16/bookworm/Dockerfile | 4 ++++ 16/bullseye/Dockerfile | 4 ++++ Dockerfile-debian.template | 4 ++++ 11 files changed, 44 insertions(+) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 647dc8dc43..20968d7618 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 82386336a2..d311e72ebf 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 1086785f54..a98e9c3f2c 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 0f2b30c55e..a4374dfff1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 4905043349..096e32d754 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 95e24e495a..e507624db1 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index af0da3d468..f05387d1d2 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 2d9db9bb37..b091bc4425 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 15369fd019..a2bde2b26a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b132cc211b..5d0cd70a12 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 588fced34d..878e813250 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,6 +14,10 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ ; \ rm -rf /var/lib/apt/lists/* From 764632913153817ef4216eebea6a4708ec5549fb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:02:23 -0800 Subject: [PATCH 068/142] Update 12 to 12.18, bookworm 12.18-1.pgdg120+1, bullseye 12.18-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 2c83e89017..b8f1171df7 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 44927f2474..900ed44181 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.17 -ENV PG_SHA256 93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6 +ENV PG_VERSION 12.18 +ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 20968d7618..3db6428e88 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index d311e72ebf..98e115e2bc 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.17-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index f252bb90a5..7d9273e951 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg120+1" + "version": "12.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.17-1.pgdg110+1" + "version": "12.18-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "93e8e1b23981d5f03c6c5763f77b28184c1ce4db7194fa466e2edb65d9c1c5f6", + "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.17" + "version": "12.18" }, "13": { "alpine": "3.19", From c3c66a192905283ee9c9c34b03c73180975e6fad Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:16:28 -0800 Subject: [PATCH 069/142] Update 13 to 13.14, bookworm 13.14-1.pgdg120+1, bullseye 13.14-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 792663345d..34f1f7f4ce 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 1784e8ef88..217875c8e8 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.13 -ENV PG_SHA256 8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 +ENV PG_VERSION 13.14 +ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index a98e9c3f2c..bf47c93221 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a4374dfff1..6a520a4690 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.13-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7d9273e951..bb5882792d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg120+1" + "version": "13.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.13-1.pgdg110+1" + "version": "13.14-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474", + "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.13" + "version": "13.14" }, "14": { "alpine": "3.19", From 3b6cb599da1bab72e4f57c54879e41c8c20fd036 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:28:15 -0800 Subject: [PATCH 070/142] Update 14 to 14.11, bookworm 14.11-1.pgdg120+1, bullseye 14.11-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 3a1d96e249..67f44f5ddc 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 8292d8e093..75bb2296eb 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.10 -ENV PG_SHA256 c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399 +ENV PG_VERSION 14.11 +ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 096e32d754..ec78178beb 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index e507624db1..33f2dfdb0c 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.10-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index bb5882792d..8e39f20e35 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg120+1" + "version": "14.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.10-1.pgdg110+1" + "version": "14.11-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "c99431c48e9d470b0d0ab946eb2141a3cd19130c2fb4dc4b3284a7774ecc8399", + "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.10" + "version": "14.11" }, "15": { "alpine": "3.19", From 539bdac35db7b6a7f91c0b9d911522d21f5b9083 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:40:08 -0800 Subject: [PATCH 071/142] Update 15 to 15.6, bookworm 15.6-1.pgdg120+1, bullseye 15.6-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index d05d71b879..1e01ab817a 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 3dabd7e91f..6e23b453e3 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.5 -ENV PG_SHA256 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 +ENV PG_VERSION 15.6 +ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f05387d1d2..207e171d14 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b091bc4425..ffcd03a6ec 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.5-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8e39f20e35..ae715fc93a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg120+1" + "version": "15.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.5-1.pgdg110+1" + "version": "15.6-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6", + "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.5" + "version": "15.6" }, "16": { "alpine": "3.19", From 5403edd423ba9fd047d2abf5ed7fdb9131c7a527 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Feb 2024 11:52:58 -0800 Subject: [PATCH 072/142] Update 16 to 16.2, bookworm 16.2-1.pgdg120+1, bullseye 16.2-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 2ea886dcb8..4d5255bd2d 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index e934d38c80..9b92f65596 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.1 -ENV PG_SHA256 ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec +ENV PG_VERSION 16.2 +ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a2bde2b26a..70b739b032 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 5d0cd70a12..e13f449597 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.1-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae715fc93a..486395fcbb 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg120+1" + "version": "16.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.1-1.pgdg110+1" + "version": "16.2-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec", + "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.1" + "version": "16.2" } } From 6e883d9b1efe8479bca7ad0eab354a95fee46786 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:02:23 -0800 Subject: [PATCH 073/142] Update 12 to bookworm 12.18-1.pgdg120+2, bullseye 12.18-1.pgdg110+2 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 3db6428e88..57a1adc6c0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+1 +ENV PG_VERSION 12.18-1.pgdg120+2 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 98e115e2bc..be1f0a5679 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+1 +ENV PG_VERSION 12.18-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 486395fcbb..609cc0c372 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+1" + "version": "12.18-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+1" + "version": "12.18-1.pgdg110+2" }, "debian": "bookworm", "major": 12, From a2de6cd9b0e9ad68b03148241195e15137246c29 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:05:32 -0800 Subject: [PATCH 074/142] Update 13 to bookworm 13.14-1.pgdg120+2, bullseye 13.14-1.pgdg110+2 --- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index bf47c93221..9680e20808 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+1 +ENV PG_VERSION 13.14-1.pgdg120+2 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 6a520a4690..8de5fe7ef8 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+1 +ENV PG_VERSION 13.14-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 609cc0c372..639099583e 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+1" + "version": "13.14-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -48,7 +48,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+1" + "version": "13.14-1.pgdg110+2" }, "debian": "bookworm", "major": 13, From 901df4c333940b96e1b438f9bd6dcd0f1c534116 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:09:00 -0800 Subject: [PATCH 075/142] Update 14 to bookworm 14.11-1.pgdg120+2, bullseye 14.11-1.pgdg110+2 --- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ec78178beb..8725665d37 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+1 +ENV PG_VERSION 14.11-1.pgdg120+2 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 33f2dfdb0c..838745c85b 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+1 +ENV PG_VERSION 14.11-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 639099583e..ff00e51936 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+1" + "version": "14.11-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -79,7 +79,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+1" + "version": "14.11-1.pgdg110+2" }, "debian": "bookworm", "major": 14, From 34d4c14c235806e57fdd5eaf197f718fccee93b0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:12:29 -0800 Subject: [PATCH 076/142] Update 15 to bookworm 15.6-1.pgdg120+2, bullseye 15.6-1.pgdg110+2 --- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 207e171d14..93dc03e4a4 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+1 +ENV PG_VERSION 15.6-1.pgdg120+2 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ffcd03a6ec..8430750ba4 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+1 +ENV PG_VERSION 15.6-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff00e51936..832408a656 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+1" + "version": "15.6-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -110,7 +110,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+1" + "version": "15.6-1.pgdg110+2" }, "debian": "bookworm", "major": 15, From 1424abf76f421d6f7bf933d9e42bbbed866fae3a Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 12 Feb 2024 11:15:38 -0800 Subject: [PATCH 077/142] Update 16 to bookworm 16.2-1.pgdg120+2, bullseye 16.2-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 70b739b032..37451960bf 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+1 +ENV PG_VERSION 16.2-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index e13f449597..3427042156 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+1 +ENV PG_VERSION 16.2-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 832408a656..0311dfed38 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+1" + "version": "16.2-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+1" + "version": "16.2-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From ab6925051ca097d415816928a50c483ecc370c00 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Tue, 20 Feb 2024 16:46:13 -0800 Subject: [PATCH 078/142] update to gosu 1.17 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- Dockerfile-debian.template | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 57a1adc6c0..d5345d4ae9 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index be1f0a5679..b1feb37b00 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 9680e20808..b4d5f58f78 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 8de5fe7ef8..3b97cb768e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 8725665d37..ffb2e6e781 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 838745c85b..8759c8d149 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 93dc03e4a4..c0b4f06471 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 8430750ba4..6765174e25 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 37451960bf..6bcb1b873a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 3427042156..9e87ce3e5b 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -29,7 +29,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 878e813250..479f147c7f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -23,7 +23,7 @@ RUN set -ex; \ # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From ccf4f2289a1e59ddf74a5d1e6eb7693b7f464b54 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:02:23 -0700 Subject: [PATCH 079/142] Update 12 to 12.19, bookworm 12.19-1.pgdg120+1, bullseye 12.19-1.pgdg110+1 --- 12/alpine3.18/Dockerfile | 4 ++-- 12/alpine3.19/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index b8f1171df7..ca48d22265 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 900ed44181..b146ec3621 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.18 -ENV PG_SHA256 4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a +ENV PG_VERSION 12.19 +ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d5345d4ae9..e697613ae2 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg120+2 +ENV PG_VERSION 12.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index b1feb37b00..da4e8e2ee5 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.18-1.pgdg110+2 +ENV PG_VERSION 12.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0311dfed38..fec7c6617c 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg120+2" + "version": "12.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.18-1.pgdg110+2" + "version": "12.19-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a", + "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "12.18" + "version": "12.19" }, "13": { "alpine": "3.19", From f3ab8c6db63e2986453e0a4fae2c5f372dd4f05e Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:16:46 -0700 Subject: [PATCH 080/142] Update 13 to 13.15, bookworm 13.15-1.pgdg120+1, bullseye 13.15-1.pgdg110+1 --- 13/alpine3.18/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index 34f1f7f4ce..465b514876 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 217875c8e8..2320c0bef4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.14 -ENV PG_SHA256 b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed +ENV PG_VERSION 13.15 +ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index b4d5f58f78..8b00f0e123 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg120+2 +ENV PG_VERSION 13.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3b97cb768e..b4210684c0 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.14-1.pgdg110+2 +ENV PG_VERSION 13.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fec7c6617c..8eabc72c5c 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg120+2" + "version": "13.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.14-1.pgdg110+2" + "version": "13.15-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed", + "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "13.14" + "version": "13.15" }, "14": { "alpine": "3.19", From 662dbe5225f4d404364bdcf5e49dd5d88357ed31 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:31:12 -0700 Subject: [PATCH 081/142] Update 14 to 14.12, bookworm 14.12-1.pgdg120+1, bullseye 14.12-1.pgdg110+1 --- 14/alpine3.18/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 67f44f5ddc..b1fbd8d556 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 75bb2296eb..3666022f9f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.11 -ENV PG_SHA256 a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8 +ENV PG_VERSION 14.12 +ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index ffb2e6e781..3c9e737ab2 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg120+2 +ENV PG_VERSION 14.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 8759c8d149..048b473058 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.11-1.pgdg110+2 +ENV PG_VERSION 14.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8eabc72c5c..ae360a4c84 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg120+2" + "version": "14.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.11-1.pgdg110+2" + "version": "14.12-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8", + "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "14.11" + "version": "14.12" }, "15": { "alpine": "3.19", From 8a0b96710d917d1c3b32a5fe5b66687ad83827da Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:44:17 -0700 Subject: [PATCH 082/142] Update 15 to 15.7, bookworm 15.7-1.pgdg120+1, bullseye 15.7-1.pgdg110+1 --- 15/alpine3.18/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 1e01ab817a..87a2ce7ae0 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 6e23b453e3..37a1034597 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.6 -ENV PG_SHA256 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb +ENV PG_VERSION 15.7 +ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index c0b4f06471..20dc81de0a 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg120+2 +ENV PG_VERSION 15.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 6765174e25..a8a568956b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.6-1.pgdg110+2 +ENV PG_VERSION 15.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ae360a4c84..378e41db7b 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg120+2" + "version": "15.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.6-1.pgdg110+2" + "version": "15.7-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb", + "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "15.6" + "version": "15.7" }, "16": { "alpine": "3.19", From d08757ccb56ee047efd76c41dbc148e2e2c4f68f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 9 May 2024 11:58:11 -0700 Subject: [PATCH 083/142] Update 16 to 16.3, bookworm 16.3-1.pgdg120+1, bullseye 16.3-1.pgdg110+1 --- 16/alpine3.18/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 4d5255bd2d..17b0859ffe 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 9b92f65596..89aab48dd8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -23,8 +23,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.2 -ENV PG_SHA256 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 +ENV PG_VERSION 16.3 +ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 6bcb1b873a..9983d85c6f 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg120+2 +ENV PG_VERSION 16.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 9e87ce3e5b..b4146f0236 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.2-1.pgdg110+2 +ENV PG_VERSION 16.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 378e41db7b..bd0b1c943f 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg120+2" + "version": "16.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "16.2-1.pgdg110+2" + "version": "16.3-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952", + "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", "variants": [ "bookworm", "bullseye", "alpine3.19", "alpine3.18" ], - "version": "16.2" + "version": "16.3" } } From 930acaf01ff536090a3bb304cf823a8cc777b658 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:39:44 +0200 Subject: [PATCH 084/142] Update to alpine 3.20 --- 12/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.18 => alpine3.20}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 30 +++++++++---------- versions.sh | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) rename 12/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 12/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 13/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 13/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 14/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 14/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 15/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 15/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) rename 16/{alpine3.18 => alpine3.20}/Dockerfile (99%) rename 16/{alpine3.18 => alpine3.20}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.18 => alpine3.20}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.20/Dockerfile similarity index 99% rename from 12/alpine3.18/Dockerfile rename to 12/alpine3.20/Dockerfile index ca48d22265..e68037b78b 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.18/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.18/docker-ensure-initdb.sh rename to 12/alpine3.20/docker-ensure-initdb.sh diff --git a/12/alpine3.18/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.18/docker-entrypoint.sh rename to 12/alpine3.20/docker-entrypoint.sh diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.20/Dockerfile similarity index 99% rename from 13/alpine3.18/Dockerfile rename to 13/alpine3.20/Dockerfile index 465b514876..43fa0ea471 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.18/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.18/docker-ensure-initdb.sh rename to 13/alpine3.20/docker-ensure-initdb.sh diff --git a/13/alpine3.18/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.18/docker-entrypoint.sh rename to 13/alpine3.20/docker-entrypoint.sh diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.20/Dockerfile similarity index 99% rename from 14/alpine3.18/Dockerfile rename to 14/alpine3.20/Dockerfile index b1fbd8d556..0ea12b04fa 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.18/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.18/docker-ensure-initdb.sh rename to 14/alpine3.20/docker-ensure-initdb.sh diff --git a/14/alpine3.18/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.18/docker-entrypoint.sh rename to 14/alpine3.20/docker-entrypoint.sh diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.20/Dockerfile similarity index 99% rename from 15/alpine3.18/Dockerfile rename to 15/alpine3.20/Dockerfile index 87a2ce7ae0..8c67066559 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.18/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.18/docker-ensure-initdb.sh rename to 15/alpine3.20/docker-ensure-initdb.sh diff --git a/15/alpine3.18/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.18/docker-entrypoint.sh rename to 15/alpine3.20/docker-entrypoint.sh diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.20/Dockerfile similarity index 99% rename from 16/alpine3.18/Dockerfile rename to 16/alpine3.20/Dockerfile index 17b0859ffe..d07b848af4 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.18/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.18/docker-ensure-initdb.sh rename to 16/alpine3.20/docker-ensure-initdb.sh diff --git a/16/alpine3.18/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.18/docker-entrypoint.sh rename to 16/alpine3.20/docker-entrypoint.sh diff --git a/versions.json b/versions.json index bd0b1c943f..71d306eba5 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "12.19" }, "13": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "13.15" }, "14": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "14.12" }, "15": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "15.7" }, "16": { - "alpine": "3.19", + "alpine": "3.20", "bookworm": { "arches": [ "amd64", @@ -149,8 +149,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.19", - "alpine3.18" + "alpine3.20", + "alpine3.19" ], "version": "16.3" } diff --git a/versions.sh b/versions.sh index b50f99ed38..e8c1225d53 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.20 3.19 - 3.18 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From d2cafdf55d9091275fa6f1b782b23dd09c592a75 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Wed, 22 May 2024 22:45:53 +0200 Subject: [PATCH 085/142] Bump `actions/checkout` to v4 Prevents a Node.js 16 deprecation warning --- .github/workflows/ci.yml | 4 ++-- .github/workflows/verify-templating.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d898fd2763..ccc7fd8955 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: outputs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker-library/bashbrew@HEAD - id: generate-jobs name: Generate Jobs @@ -35,7 +35,7 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Prepare Environment run: ${{ matrix.runs.prepare }} - name: Pull Dependencies diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 1631af9935..9ece508df6 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -14,7 +14,7 @@ jobs: name: Check For Uncomitted Changes runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Apply Templates run: ./apply-templates.sh - name: Check Git Status From 41402ac3d12b84453127eaac54b45b300bf30d9a Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 27 May 2024 15:09:04 -0400 Subject: [PATCH 086/142] Add 17 beta1 Fixes #1243 --- 17/alpine3.19/Dockerfile | 209 +++++++++++++++ 17/alpine3.19/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.19/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/alpine3.20/Dockerfile | 209 +++++++++++++++ 17/alpine3.20/docker-ensure-initdb.sh | 71 +++++ 17/alpine3.20/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bookworm/Dockerfile | 226 ++++++++++++++++ 17/bookworm/docker-ensure-initdb.sh | 71 +++++ 17/bookworm/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ 17/bullseye/Dockerfile | 226 ++++++++++++++++ 17/bullseye/docker-ensure-initdb.sh | 71 +++++ 17/bullseye/docker-entrypoint.sh | 356 ++++++++++++++++++++++++++ Dockerfile-alpine.template | 8 + versions.json | 31 +++ 14 files changed, 2617 insertions(+) create mode 100644 17/alpine3.19/Dockerfile create mode 100755 17/alpine3.19/docker-ensure-initdb.sh create mode 100755 17/alpine3.19/docker-entrypoint.sh create mode 100644 17/alpine3.20/Dockerfile create mode 100755 17/alpine3.20/docker-ensure-initdb.sh create mode 100755 17/alpine3.20/docker-entrypoint.sh create mode 100644 17/bookworm/Dockerfile create mode 100755 17/bookworm/docker-ensure-initdb.sh create mode 100755 17/bookworm/docker-entrypoint.sh create mode 100644 17/bullseye/Dockerfile create mode 100755 17/bullseye/docker-ensure-initdb.sh create mode 100755 17/bullseye/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile new file mode 100644 index 0000000000..6c3d203b44 --- /dev/null +++ b/17/alpine3.19/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.19 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.19/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile new file mode 100644 index 0000000000..022e161fa4 --- /dev/null +++ b/17/alpine3.20/Dockerfile @@ -0,0 +1,209 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.20 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +# su-exec (gosu-compatible) is installed further down + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 17 +ENV PG_VERSION 17beta1 +ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm15-dev \ + clang15 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 + export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 + export CLANG=clang-15; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" all; \ + make install; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + su-exec \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" +# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh new file mode 100755 index 0000000000..2a9758656e --- /dev/null +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh new file mode 100755 index 0000000000..8163d10401 --- /dev/null +++ b/17/alpine3.20/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec su-exec postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile new file mode 100644 index 0000000000..8bf86b6c85 --- /dev/null +++ b/17/bookworm/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bookworm/docker-ensure-initdb.sh b/17/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bookworm/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile new file mode 100644 index 0000000000..dd4ac0d544 --- /dev/null +++ b/17/bullseye/Dockerfile @@ -0,0 +1,226 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + mkdir -p /var/lib/postgresql; \ + chown -R postgres:postgres /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 17 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 17~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el | s390x) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 +# (and it "Depends: pgdg-keyring") + apt-get build-dep -y postgresql-common pgdg-keyring; \ + apt-get source --compile postgresql-common pgdg-keyring; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk, which is the best compromise available to avoid data +# corruption. +# +# Users who know their applications do not keep open long-lived idle connections +# may way to use a value of SIGTERM instead, which corresponds to "Smart +# Shutdown mode" in which any existing sessions are allowed to finish and the +# server stops when all sessions are terminated. +# +# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/12/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/17/bullseye/docker-ensure-initdb.sh b/17/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/17/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..6f59993e08 --- /dev/null +++ b/17/bullseye/docker-entrypoint.sh @@ -0,0 +1,356 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 67bba8b6c9..5243eaf412 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -98,7 +98,10 @@ RUN set -eux; \ # "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" # --enable-nls \ --enable-integer-datetimes \ +{{ if .major <= 16 then ( -}} +{{ # in 17: this option is reversed. you need to disable it -}} --enable-thread-safety \ +{{ ) else "" end -}} --enable-tap-tests \ # skip debugging info -- we want tiny size instead # --enable-debug \ @@ -132,8 +135,13 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ +{{ if .major >= 17 then ( -}} + make -j "$(nproc)" all; \ + make install; \ +{{ ) else ( -}} make -j "$(nproc)" world; \ make install-world; \ +{{ ) end -}} make -C contrib install; \ \ runDeps="$( \ diff --git a/versions.json b/versions.json index 71d306eba5..7fbb32aef6 100644 --- a/versions.json +++ b/versions.json @@ -153,5 +153,36 @@ "alpine3.19" ], "version": "16.3" + }, + "17": { + "alpine": "3.20", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg120+1" + }, + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el", + "s390x" + ], + "version": "17~beta1-1.pgdg110+1" + }, + "debian": "bookworm", + "major": 17, + "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "variants": [ + "bookworm", + "bullseye", + "alpine3.20", + "alpine3.19" + ], + "version": "17beta1" } } From 3a7be2f3213ce6e0f13f6a01b927d86aa53d9539 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Fri, 31 May 2024 09:43:40 -0400 Subject: [PATCH 087/142] fixup --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- Dockerfile-alpine.template | 9 ++------- 13 files changed, 26 insertions(+), 31 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index b146ec3621..ecc8522104 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index e68037b78b..74d5277523 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 2320c0bef4..962b528885 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 43fa0ea471..eb373d2cd9 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -119,8 +119,8 @@ RUN set -eux; \ --with-icu \ --with-llvm \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 3666022f9f..74f2c53e78 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 0ea12b04fa..a577a1f994 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -122,8 +122,8 @@ RUN set -eux; \ --with-llvm \ --with-lz4 \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 37a1034597..0a34e0dc97 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 8c67066559..1fac96c7a4 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -125,8 +125,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 89aab48dd8..09fb413aea 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index d07b848af4..1620037cf1 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -124,8 +124,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" world; \ - make install-world; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 6c3d203b44..4d6c3d61fb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 022e161fa4..39375a0e16 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -123,8 +123,8 @@ RUN set -eux; \ --with-lz4 \ --with-zstd \ ; \ - make -j "$(nproc)" all; \ - make install; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 5243eaf412..8535b20a10 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -135,13 +135,8 @@ RUN set -eux; \ --with-zstd \ {{ ) else "" end -}} ; \ -{{ if .major >= 17 then ( -}} - make -j "$(nproc)" all; \ - make install; \ -{{ ) else ( -}} - make -j "$(nproc)" world; \ - make install-world; \ -{{ ) end -}} + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ make -C contrib install; \ \ runDeps="$( \ From 3e9b4eaaebf00d7a8ece67f02e2d6546402f4de7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 3 Jun 2024 13:57:56 -0700 Subject: [PATCH 088/142] Replace `su-exec` with `gosu` There's a major issue with `su-exec` whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program). This also decreases our Debian vs Alpine variance. Due to user scripts/downstream code potentially using `su-exec`, I have included a compatibility symlink to `su-exec` for all versions less than the 17 pre-release. --- 12/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.19/docker-ensure-initdb.sh | 2 +- 12/alpine3.19/docker-entrypoint.sh | 2 +- 12/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 12/alpine3.20/docker-ensure-initdb.sh | 2 +- 12/alpine3.20/docker-entrypoint.sh | 2 +- 13/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.19/docker-ensure-initdb.sh | 2 +- 13/alpine3.19/docker-entrypoint.sh | 2 +- 13/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 13/alpine3.20/docker-ensure-initdb.sh | 2 +- 13/alpine3.20/docker-entrypoint.sh | 2 +- 14/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.19/docker-ensure-initdb.sh | 2 +- 14/alpine3.19/docker-entrypoint.sh | 2 +- 14/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 14/alpine3.20/docker-ensure-initdb.sh | 2 +- 14/alpine3.20/docker-entrypoint.sh | 2 +- 15/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.19/docker-ensure-initdb.sh | 2 +- 15/alpine3.19/docker-entrypoint.sh | 2 +- 15/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 15/alpine3.20/docker-ensure-initdb.sh | 2 +- 15/alpine3.20/docker-entrypoint.sh | 2 +- 16/alpine3.19/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.19/docker-ensure-initdb.sh | 2 +- 16/alpine3.19/docker-entrypoint.sh | 2 +- 16/alpine3.20/Dockerfile | 32 +++++++++++++++++++++++-- 16/alpine3.20/docker-ensure-initdb.sh | 2 +- 16/alpine3.20/docker-entrypoint.sh | 2 +- 17/alpine3.19/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.19/docker-ensure-initdb.sh | 2 +- 17/alpine3.19/docker-entrypoint.sh | 2 +- 17/alpine3.20/Dockerfile | 31 ++++++++++++++++++++++-- 17/alpine3.20/docker-ensure-initdb.sh | 2 +- 17/alpine3.20/docker-entrypoint.sh | 2 +- Dockerfile-alpine.template | 34 +++++++++++++++++++++++++-- apply-templates.sh | 5 ++-- 38 files changed, 416 insertions(+), 53 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index ecc8522104..eb46f0fe36 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.19/docker-ensure-initdb.sh +++ b/12/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.19/docker-entrypoint.sh +++ b/12/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 74d5277523..f1caf318c7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ b/12/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/12/alpine3.20/docker-entrypoint.sh +++ b/12/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 962b528885..39a23522a4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.19/docker-ensure-initdb.sh +++ b/13/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.19/docker-entrypoint.sh +++ b/13/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index eb373d2cd9..567da31557 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -135,7 +164,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/13/alpine3.20/docker-ensure-initdb.sh b/13/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/13/alpine3.20/docker-ensure-initdb.sh +++ b/13/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 74f2c53e78..461318e2b8 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.19/docker-ensure-initdb.sh +++ b/14/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.19/docker-entrypoint.sh +++ b/14/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index a577a1f994..dc839d7c32 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -138,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/14/alpine3.20/docker-ensure-initdb.sh b/14/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/14/alpine3.20/docker-ensure-initdb.sh +++ b/14/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 0a34e0dc97..2f249aa430 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.19/docker-ensure-initdb.sh +++ b/15/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.19/docker-entrypoint.sh +++ b/15/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1fac96c7a4..79b20ac311 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -141,7 +170,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/15/alpine3.20/docker-ensure-initdb.sh b/15/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/15/alpine3.20/docker-ensure-initdb.sh +++ b/15/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 09fb413aea..f949bbb499 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.19/docker-ensure-initdb.sh +++ b/16/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.19/docker-entrypoint.sh +++ b/16/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 1620037cf1..b7606c5b7a 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -14,7 +14,36 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -140,7 +169,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/16/alpine3.20/docker-ensure-initdb.sh b/16/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/16/alpine3.20/docker-ensure-initdb.sh +++ b/16/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 4d6c3d61fb..14ae82dccb 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.19/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.19/docker-ensure-initdb.sh +++ b/17/alpine3.19/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.19/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.19/docker-entrypoint.sh +++ b/17/alpine3.19/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 39375a0e16..f23096b472 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -14,7 +14,35 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -139,7 +167,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.20/docker-ensure-initdb.sh index 2a9758656e..ae1f6b6b90 100755 --- a/17/alpine3.20/docker-ensure-initdb.sh +++ b/17/alpine3.20/docker-ensure-initdb.sh @@ -27,7 +27,7 @@ docker_setup_env docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 8163d10401..6f59993e08 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -310,7 +310,7 @@ _main() { docker_create_db_directories if [ "$(id -u)" = '0' ]; then # then restart script as postgres user - exec su-exec postgres "$BASH_SOURCE" "$@" + exec gosu postgres "$BASH_SOURCE" "$@" fi # only run initialization on an empty data directory diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8535b20a10..f80942090c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -8,7 +8,38 @@ RUN set -eux; \ mkdir -p /var/lib/postgresql; \ chown -R postgres:postgres /var/lib/postgresql -# su-exec (gosu-compatible) is installed further down +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true +{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) +{{ ) else "" end -}} # make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default # alpine doesn't require explicit locale-file generation @@ -151,7 +182,6 @@ RUN set -eux; \ apk add --no-cache --virtual .postgresql-rundeps \ $runDeps \ bash \ - su-exec \ tzdata \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split diff --git a/apply-templates.sh b/apply-templates.sh index 69b7a01a85..aa2d65c6b0 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -47,12 +47,9 @@ for version; do echo "processing $dir ..." - cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" - case "$variant" in alpine*) template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" "$dir/docker-ensure-initdb.sh" ;; *) template='Dockerfile-debian.template' @@ -63,5 +60,7 @@ for version; do generated_warning gawk -f "$jqt" "$template" } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/" done done From 9bf5a6d620a90158d8192ee0dba05acc4464d002 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Mon, 1 Jul 2024 17:03:06 -0700 Subject: [PATCH 089/142] Update 17 to 17beta2, bookworm 17~beta2-1.pgdg120+1, bullseye 17~beta2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 14ae82dccb..b862b1f0a8 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index f23096b472..5d717978a4 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -51,8 +51,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta1 -ENV PG_SHA256 089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50 +ENV PG_VERSION 17beta2 +ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8bf86b6c85..44a83ef284 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg120+1 +ENV PG_VERSION 17~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index dd4ac0d544..e93e7e4257 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -90,7 +90,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta1-1.pgdg110+1 +ENV PG_VERSION 17~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7fbb32aef6..0b75cf89a6 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg120+1" + "version": "17~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta1-1.pgdg110+1" + "version": "17~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "089e8854fecd0ca1ec5cd8b29526938f9ef5e91cc331f5d6e118d13468f08f50", + "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta1" + "version": "17beta2" } } From a09f1c441f26784ca64159c112aec8dea0f4d329 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 8 Jul 2024 15:17:21 -0700 Subject: [PATCH 090/142] Use `install` instead of `mkdir && chown && chmod` --- 12/alpine3.19/Dockerfile | 9 +++++---- 12/alpine3.20/Dockerfile | 9 +++++---- 12/bookworm/Dockerfile | 7 +++---- 12/bullseye/Dockerfile | 7 +++---- 13/alpine3.19/Dockerfile | 9 +++++---- 13/alpine3.20/Dockerfile | 9 +++++---- 13/bookworm/Dockerfile | 7 +++---- 13/bullseye/Dockerfile | 7 +++---- 14/alpine3.19/Dockerfile | 9 +++++---- 14/alpine3.20/Dockerfile | 9 +++++---- 14/bookworm/Dockerfile | 7 +++---- 14/bullseye/Dockerfile | 7 +++---- 15/alpine3.19/Dockerfile | 9 +++++---- 15/alpine3.20/Dockerfile | 9 +++++---- 15/bookworm/Dockerfile | 7 +++---- 15/bullseye/Dockerfile | 7 +++---- 16/alpine3.19/Dockerfile | 9 +++++---- 16/alpine3.20/Dockerfile | 9 +++++---- 16/bookworm/Dockerfile | 7 +++---- 16/bullseye/Dockerfile | 7 +++---- 17/alpine3.19/Dockerfile | 9 +++++---- 17/alpine3.20/Dockerfile | 9 +++++---- 17/bookworm/Dockerfile | 7 +++---- 17/bullseye/Dockerfile | 7 +++---- Dockerfile-alpine.template | 9 +++++---- Dockerfile-debian.template | 7 +++---- 26 files changed, 104 insertions(+), 104 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index eb46f0fe36..049e0d481a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index f1caf318c7..6c9b3d48c3 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index e697613ae2..4095800f24 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index da4e8e2ee5..f8d71e9b0f 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 39a23522a4..5e8b9b9c1c 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 567da31557..f1242897c7 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -188,11 +189,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8b00f0e123..c2e61f40d3 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b4210684c0..e57634a2b1 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -183,11 +182,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 461318e2b8..1f77cbffed 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index dc839d7c32..f674836f65 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 3c9e737ab2..c579f62833 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 048b473058..1dcdb845f8 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 2f249aa430..76dc5b24e5 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 79b20ac311..fede5ab89c 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -194,11 +195,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 20dc81de0a..b91220a9ee 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index a8a568956b..9323d7ef31 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index f949bbb499..be479c5be2 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index b7606c5b7a..447f1d8e10 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -193,11 +194,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 9983d85c6f..d13273b08a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index b4146f0236..f2827ff9af 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b862b1f0a8..cc263a0644 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.19 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5d717978a4..07dc7c4750 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -11,8 +11,9 @@ FROM alpine:3.20 RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -191,11 +192,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 44a83ef284..99dfd4b35c 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e93e7e4257..249d0cdf80 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -13,8 +13,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -181,11 +180,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f80942090c..3d6236e6e8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,8 +5,9 @@ FROM alpine:{{ env.variant | ltrimstr("alpine") }} RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases @@ -206,11 +207,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 479f147c7f..1fa84903ac 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -7,8 +7,7 @@ RUN set -eux; \ useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ # also create the postgres user's home directory with appropriate permissions # see https://github.com/docker-library/postgres/issues/274 - mkdir -p /var/lib/postgresql; \ - chown -R postgres:postgres /var/lib/postgresql + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql RUN set -ex; \ apt-get update; \ @@ -179,11 +178,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ From 62f99df90060f4105ebe9a6bd88611370f52aa16 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:22:52 -0700 Subject: [PATCH 091/142] Update 12 to 12.20, bookworm 12.20-1.pgdg120+1, bullseye 12.20-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 049e0d481a..e3f5683277 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 6c9b3d48c3..2c1db6c7f0 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.19 -ENV PG_SHA256 617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb +ENV PG_VERSION 12.20 +ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 4095800f24..d80c0a4345 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg120+1 +ENV PG_VERSION 12.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f8d71e9b0f..f11f9db297 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.19-1.pgdg110+1 +ENV PG_VERSION 12.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0b75cf89a6..7ff211b73a 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg120+1" + "version": "12.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.19-1.pgdg110+1" + "version": "12.20-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb", + "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.19" + "version": "12.20" }, "13": { "alpine": "3.20", From ce54cce510ed5da4ed9e1e66ddeb6e3300786813 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:37:43 -0700 Subject: [PATCH 092/142] Update 13 to 13.16, bookworm 13.16-1.pgdg120+1, bullseye 13.16-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 5e8b9b9c1c..eb4350a655 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f1242897c7..d365154e29 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.15 -ENV PG_SHA256 42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 +ENV PG_VERSION 13.16 +ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index c2e61f40d3..8c9451e1b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg120+1 +ENV PG_VERSION 13.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e57634a2b1..c8770da222 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.15-1.pgdg110+1 +ENV PG_VERSION 13.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 7ff211b73a..28e9d7eb16 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg120+1" + "version": "13.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.15-1.pgdg110+1" + "version": "13.16-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925", + "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.15" + "version": "13.16" }, "14": { "alpine": "3.20", From e324d93eba7160270512436fd5e9464f91cfbcb9 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 09:52:20 -0700 Subject: [PATCH 093/142] Update 14 to 14.13, bookworm 14.13-1.pgdg120+1, bullseye 14.13-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 1f77cbffed..533e23e6be 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index f674836f65..4b89e0d558 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.12 -ENV PG_SHA256 6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923 +ENV PG_VERSION 14.13 +ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index c579f62833..88743d5041 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg120+1 +ENV PG_VERSION 14.13-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 1dcdb845f8..a69d4098f9 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.12-1.pgdg110+1 +ENV PG_VERSION 14.13-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 28e9d7eb16..e26c3cbc91 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg120+1" + "version": "14.13-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.12-1.pgdg110+1" + "version": "14.13-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6118d08f9ddcc1bd83cf2b7cc74d3b583bdcec2f37e6245a8ac003b8faa80923", + "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.12" + "version": "14.13" }, "15": { "alpine": "3.20", From 8cce578a4361ed18a29f53fed24e4554f673a3a4 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:06:32 -0700 Subject: [PATCH 094/142] Update 15 to 15.8, bookworm 15.8-1.pgdg120+1, bullseye 15.8-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index 76dc5b24e5..e9c2dbb37d 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index fede5ab89c..83e8a4640d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.7 -ENV PG_SHA256 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 +ENV PG_VERSION 15.8 +ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index b91220a9ee..859acbfbdd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg120+1 +ENV PG_VERSION 15.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 9323d7ef31..aff946fa54 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.7-1.pgdg110+1 +ENV PG_VERSION 15.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index e26c3cbc91..269d2b550d 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg120+1" + "version": "15.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.7-1.pgdg110+1" + "version": "15.8-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7", + "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.7" + "version": "15.8" }, "16": { "alpine": "3.20", From 3a94d965ecbe08f4b1b255d3ed9ccae671a7a984 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:20:28 -0700 Subject: [PATCH 095/142] Update 16 to 16.4, bookworm 16.4-1.pgdg120+1, bullseye 16.4-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index be479c5be2..16f3df5884 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 447f1d8e10..33d01092b9 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.3 -ENV PG_SHA256 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 +ENV PG_VERSION 16.4 +ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index d13273b08a..c18ea696cd 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index f2827ff9af..012558e80c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.3-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 269d2b550d..4e84ee27cf 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg120+1" + "version": "16.4-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.3-1.pgdg110+1" + "version": "16.4-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585", + "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.3" + "version": "16.4" }, "17": { "alpine": "3.20", From 805329e7a64fad212a5d4b07abd11238a9beab75 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 8 Aug 2024 10:34:59 -0700 Subject: [PATCH 096/142] Update 17 to 17beta3, bookworm 17~beta3-1.pgdg120+1, bullseye 17~beta3-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index cc263a0644..b969aee611 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 07dc7c4750..c8c66543d7 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta2 -ENV PG_SHA256 157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c +ENV PG_VERSION 17beta3 +ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 99dfd4b35c..4f6df7d667 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg120+1 +ENV PG_VERSION 17~beta3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 249d0cdf80..8da5fa76ca 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta2-1.pgdg110+1 +ENV PG_VERSION 17~beta3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 4e84ee27cf..d05ed23319 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg120+1" + "version": "17~beta3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta2-1.pgdg110+1" + "version": "17~beta3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "157af3af2cbc40364990835f518aea0711703e1c48f204b54dfd49b46cd8716c", + "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta2" + "version": "17beta3" } } From eaa1c35769621a6bb1e499073a5812ba478c7688 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 5 Sep 2024 06:44:37 -0700 Subject: [PATCH 097/142] Update 17 to 17rc1, bookworm 17~rc1-1.pgdg120+1, bullseye 17~rc1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index b969aee611..16ab9112c1 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index c8c66543d7..98d356561b 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17beta3 -ENV PG_SHA256 010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71 +ENV PG_VERSION 17rc1 +ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 4f6df7d667..b3c3dcde80 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg120+1 +ENV PG_VERSION 17~rc1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 8da5fa76ca..cfec2a2c06 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~beta3-1.pgdg110+1 +ENV PG_VERSION 17~rc1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d05ed23319..430925d3c7 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg120+1" + "version": "17~rc1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~beta3-1.pgdg110+1" + "version": "17~rc1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "010dfaff9fcca6afa2fd576eea89cdabcefc262aa0ba89a6845eaab4d4b08f71", + "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17beta3" + "version": "17rc1" } } From c9906f922daaacdfc425b3b918e7644a8722290d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:03:00 -0700 Subject: [PATCH 098/142] Update 16 to bookworm 16.4-1.pgdg120+2, bullseye 16.4-1.pgdg110+2 --- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c18ea696cd..40feae2173 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+1 +ENV PG_VERSION 16.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 012558e80c..fb685497f9 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+1 +ENV PG_VERSION 16.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 430925d3c7..8cbf6910e9 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+1" + "version": "16.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+1" + "version": "16.4-1.pgdg110+2" }, "debian": "bookworm", "major": 16, From 172544062d1031004b241e917f5f3f9dfebc0df5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 26 Sep 2024 11:19:57 -0700 Subject: [PATCH 099/142] Update 17 to 17.0, bookworm 17.0-1.pgdg120+1, bullseye 17.0-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 16ab9112c1..793e3d49c5 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 98d356561b..4a33b69d48 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17rc1 -ENV PG_SHA256 cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8 +ENV PG_VERSION 17.0 +ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index b3c3dcde80..21a1f4958d 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg120+1 +ENV PG_VERSION 17.0-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index cfec2a2c06..a7ff8247c8 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17~rc1-1.pgdg110+1 +ENV PG_VERSION 17.0-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 8cbf6910e9..680d43c409 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg120+1" + "version": "17.0-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17~rc1-1.pgdg110+1" + "version": "17.0-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "cef689e2de8c3d605d8406c065573b8d70859fc6f2a8d720b0d98a6d62ef16e8", + "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17rc1" + "version": "17.0" } } From b406380598e74b16619868216518e028720ca653 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 26 Sep 2024 15:59:36 -0700 Subject: [PATCH 100/142] Update "latest" to 17 (now GA) --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9dc0d91ea1..9f708c7f7b 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail declare -A aliases=( - [16]='latest' + [17]='latest' ) self="$(basename "$BASH_SOURCE")" From a37e929682e8de45a3304a5bf9d63210c2e0a680 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Sep 2024 11:28:39 -0700 Subject: [PATCH 101/142] Update `generate-stackbrew-library.sh` to support `BASHBREW_LIBRARY` for easier cascading updates See https://github.com/docker-library/official-images/pull/17640#issuecomment-2380308790 --- generate-stackbrew-library.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9f708c7f7b..234a5266a1 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -44,17 +44,19 @@ dirCommit() { getArches() { local repo="$1"; shift - local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' + local officialImagesBase="${BASHBREW_LIBRARY:-https://github.com/docker-library/official-images/raw/HEAD/library}/" - eval "declare -g -A parentRepoToArches=( $( - find -name 'Dockerfile' -exec awk ' + local parentRepoToArchesStr + parentRepoToArchesStr="$( + find -name 'Dockerfile' -exec awk -v officialImagesBase="$officialImagesBase" ' toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { - print "'"$officialImagesUrl"'" $2 + printf "%s%s\n", officialImagesBase, $2 } ' '{}' + \ | sort -u \ - | xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"' - ) )" + | xargs -r bashbrew cat --format '["{{ .RepoName }}:{{ .TagName }}"]="{{ join " " .TagEntry.Architectures }}"' + )" + eval "declare -g -A parentRepoToArches=( $parentRepoToArchesStr )" } getArches 'postgres' From 5db7a178fdfa1042ddafc2d507fe830940463c79 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 16 Oct 2024 14:37:29 -0700 Subject: [PATCH 102/142] Use jq's `IN()` instead of `index()` The end result is the same, but the construction is more ergonomic. --- Dockerfile-alpine.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 3d6236e6e8..767923f895 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -38,7 +38,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if [ "12", "13", "14", "15", "16" ] | index(env.version) then ( -}} +{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} From cbe3b78084800aa553239f9726942bb17929ba73 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:38:07 -0800 Subject: [PATCH 103/142] Update 12 to 12.21, bookworm 12.21-1.pgdg120+1, bullseye 12.21-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index e3f5683277..cc16e0ddc8 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 2c1db6c7f0..b8b82118c2 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.20 -ENV PG_SHA256 2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9 +ENV PG_VERSION 12.21 +ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index d80c0a4345..1f92c9baa0 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg120+1 +ENV PG_VERSION 12.21-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index f11f9db297..5d57862bf4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.20-1.pgdg110+1 +ENV PG_VERSION 12.21-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 680d43c409..d1e2d9c4cc 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg120+1" + "version": "12.21-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.20-1.pgdg110+1" + "version": "12.21-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "2d543af3009fec7fd5af35f7a70c95085d3eef6b508e517aa9493e99b15e9ea9", + "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.20" + "version": "12.21" }, "13": { "alpine": "3.20", From 9f3bef00aaeb4453ed9e7336ab1856f7e9424b25 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 10:53:24 -0800 Subject: [PATCH 104/142] Update 13 to 13.17, bookworm 13.17-1.pgdg120+1, bullseye 13.17-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index eb4350a655..59850e682f 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index d365154e29..95466e7e78 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.16 -ENV PG_SHA256 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 +ENV PG_VERSION 13.17 +ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 8c9451e1b9..02dab0fbda 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg120+1 +ENV PG_VERSION 13.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index c8770da222..3e24c98f7e 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.16-1.pgdg110+1 +ENV PG_VERSION 13.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index d1e2d9c4cc..122e02d806 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg120+1" + "version": "13.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.16-1.pgdg110+1" + "version": "13.17-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865", + "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.16" + "version": "13.17" }, "14": { "alpine": "3.20", From 9c7abb997a013a96c2651ee541ddea06f424e1f3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:06:51 -0800 Subject: [PATCH 105/142] Update 14 to 14.14, bookworm 14.14-1.pgdg120+1, bullseye 14.14-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 533e23e6be..de99300c0d 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 4b89e0d558..3839e3d0db 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.13 -ENV PG_SHA256 59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56 +ENV PG_VERSION 14.14 +ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 88743d5041..7eaff78071 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg120+1 +ENV PG_VERSION 14.14-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index a69d4098f9..5c207f7468 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.13-1.pgdg110+1 +ENV PG_VERSION 14.14-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 122e02d806..fb8b5b048a 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg120+1" + "version": "14.14-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.13-1.pgdg110+1" + "version": "14.14-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "59aa3c4b495ab26a9ec69f3ad0a0228c51f0fe6facf3634dfad4d1197d613a56", + "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.13" + "version": "14.14" }, "15": { "alpine": "3.20", From 89e0c9265d95bc82c67d417ca04039ec2d5ccefc Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:20:16 -0800 Subject: [PATCH 106/142] Update 15 to 15.9, bookworm 15.9-1.pgdg120+1, bullseye 15.9-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index e9c2dbb37d..fba571e203 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 83e8a4640d..0706a3367b 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.8 -ENV PG_SHA256 4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a +ENV PG_VERSION 15.9 +ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 859acbfbdd..957ec6df80 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg120+1 +ENV PG_VERSION 15.9-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index aff946fa54..eafd5c45dc 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.8-1.pgdg110+1 +ENV PG_VERSION 15.9-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fb8b5b048a..121921cd6a 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg120+1" + "version": "15.9-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.8-1.pgdg110+1" + "version": "15.9-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "4403515f9a69eeb3efebc98f30b8c696122bfdf895e92b3b23f5b8e769edcb6a", + "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.8" + "version": "15.9" }, "16": { "alpine": "3.20", From f6c1f5b3765fdb3dce87ac5adc6270e0d5485a76 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:34:05 -0800 Subject: [PATCH 107/142] Update 16 to 16.5, bookworm 16.5-1.pgdg120+1, bullseye 16.5-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 16f3df5884..3146ffc0f5 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 33d01092b9..41213996fb 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.4 -ENV PG_SHA256 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f +ENV PG_VERSION 16.5 +ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 40feae2173..3631195246 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg120+2 +ENV PG_VERSION 16.5-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index fb685497f9..d889decf25 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.4-1.pgdg110+2 +ENV PG_VERSION 16.5-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 121921cd6a..fc589d97e2 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg120+2" + "version": "16.5-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.4-1.pgdg110+2" + "version": "16.5-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f", + "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.4" + "version": "16.5" }, "17": { "alpine": "3.20", From b64a17080eaaab2ec717352379ecd20456562fb5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 14 Nov 2024 11:48:01 -0800 Subject: [PATCH 108/142] Update 17 to 17.1, bookworm 17.1-1.pgdg120+1, bullseye 17.1-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 793e3d49c5..64bd75ae3c 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 4a33b69d48..5b005b3d54 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.0 -ENV PG_SHA256 7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de +ENV PG_VERSION 17.1 +ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 21a1f4958d..3958ea2438 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg120+1 +ENV PG_VERSION 17.1-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index a7ff8247c8..b68c707fb9 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.0-1.pgdg110+1 +ENV PG_VERSION 17.1-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index fc589d97e2..0689ef947d 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg120+1" + "version": "17.1-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.0-1.pgdg110+1" + "version": "17.1-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7e276131c0fdd6b62588dbad9b3bb24b8c3498d5009328dba59af16e819109de", + "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.0" + "version": "17.1" } } From 7a1418a24d4b1f69d16a6167877569c073c0fbd2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 21 Nov 2024 10:50:21 -0800 Subject: [PATCH 109/142] Update README See https://github.com/docker-library/docs/pull/2503 --- README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/README.md b/README.md index 09b82c90c2..883f0701e9 100644 --- a/README.md +++ b/README.md @@ -12,15 +12,4 @@ For more information about the full official images change lifecycle, see [the " For outstanding `postgres` image PRs, check [PRs with the "library/postgres" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fpostgres). For the current "source of truth" for [`postgres`](https://hub.docker.com/_/postgres/), see [the `library/postgres` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/postgres). ---- - -- [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/postgres/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/postgres/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) -- [![build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/update.sh/job/postgres.svg?label=Automated%20update.sh)](https://doi-janky.infosiftr.net/job/update.sh/job/postgres/) - -| Build | Status | Badges | (per-arch) | -|:-:|:-:|:-:|:-:| -| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/postgres/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/postgres/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/postgres/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/postgres/) | -| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/postgres/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/postgres/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/postgres/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/postgres/) | -| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/postgres/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/postgres/) | - From 5f590b8df7f12270d1d5227758744ca3b0bdef74 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:05:42 -0800 Subject: [PATCH 110/142] Update 12 to 12.22, bookworm 12.22-1.pgdg120+1, bullseye 12.22-1.pgdg110+1 --- 12/alpine3.19/Dockerfile | 4 ++-- 12/alpine3.20/Dockerfile | 4 ++-- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index cc16e0ddc8..21aaff4185 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index b8b82118c2..3f1e87e0cf 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 12 -ENV PG_VERSION 12.21 -ENV PG_SHA256 6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2 +ENV PG_VERSION 12.22 +ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index 1f92c9baa0..df9a761c5f 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg120+1 +ENV PG_VERSION 12.22-1.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 5d57862bf4..526491f45d 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.21-1.pgdg110+1 +ENV PG_VERSION 12.22-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0689ef947d..5dd3670294 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg120+1" + "version": "12.22-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "12.21-1.pgdg110+1" + "version": "12.22-1.pgdg110+1" }, "debian": "bookworm", "major": 12, - "sha256": "6c711550ac1cc7828865e5823d9f457e3bdad6f4320177169f90e419be0c27f2", + "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "12.21" + "version": "12.22" }, "13": { "alpine": "3.20", From 9fadd0e250ba0c150dafec9e3c8728de3c8e318f Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:07:48 -0800 Subject: [PATCH 111/142] Update 13 to 13.18, bookworm 13.18-1.pgdg120+1, bullseye 13.18-1.pgdg110+1 --- 13/alpine3.19/Dockerfile | 4 ++-- 13/alpine3.20/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index 59850e682f..43c805a2b4 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 95466e7e78..a4d1cf366d 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.17 -ENV PG_SHA256 022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b +ENV PG_VERSION 13.18 +ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 02dab0fbda..99432918b9 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg120+1 +ENV PG_VERSION 13.18-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 3e24c98f7e..18b4ffcf86 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.17-1.pgdg110+1 +ENV PG_VERSION 13.18-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 5dd3670294..3cf85cc86d 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg120+1" + "version": "13.18-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "13.17-1.pgdg110+1" + "version": "13.18-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "022b0a6e7bc374a777eece33708895d7b60cae07d492b286b296a49d7395d78b", + "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "13.17" + "version": "13.18" }, "14": { "alpine": "3.20", From c44484583320c81b35824ec0ce16864690d68bc3 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:09:59 -0800 Subject: [PATCH 112/142] Update 14 to 14.15, bookworm 14.15-1.pgdg120+1, bullseye 14.15-1.pgdg110+1 --- 14/alpine3.19/Dockerfile | 4 ++-- 14/alpine3.20/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index de99300c0d..4cf84a304f 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 3839e3d0db..2af8d825fc 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.14 -ENV PG_SHA256 84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6 +ENV PG_VERSION 14.15 +ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 7eaff78071..f70799807c 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg120+1 +ENV PG_VERSION 14.15-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 5c207f7468..3f7e4eca95 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.14-1.pgdg110+1 +ENV PG_VERSION 14.15-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 3cf85cc86d..09583e98e5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg120+1" + "version": "14.15-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "14.14-1.pgdg110+1" + "version": "14.15-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "84727fbccdbd1efe01d8de64bc1b33095db773ad2457cefcedc2d8258ebc09d6", + "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "14.14" + "version": "14.15" }, "15": { "alpine": "3.20", From 50b4cdb50e3599013f2fce9cd8860600f53c696c Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:12:11 -0800 Subject: [PATCH 113/142] Update 15 to 15.10, bookworm 15.10-1.pgdg120+1, bullseye 15.10-1.pgdg110+1 --- 15/alpine3.19/Dockerfile | 4 ++-- 15/alpine3.20/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index fba571e203..43c890da5b 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 0706a3367b..effc59a095 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.9 -ENV PG_SHA256 74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783 +ENV PG_VERSION 15.10 +ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 957ec6df80..d3d44d9fec 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg120+1 +ENV PG_VERSION 15.10-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index eafd5c45dc..582076c41b 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.9-1.pgdg110+1 +ENV PG_VERSION 15.10-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 09583e98e5..6c580db3a3 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg120+1" + "version": "15.10-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "15.9-1.pgdg110+1" + "version": "15.10-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "74f2d4565035f0cf729ecb059949faaf1102cbd93759b359822f98f82198c783", + "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "15.9" + "version": "15.10" }, "16": { "alpine": "3.20", From 960ebdf14ef92d328588e77af2a879c63e577e96 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:14:24 -0800 Subject: [PATCH 114/142] Update 16 to 16.6, bookworm 16.6-1.pgdg120+1, bullseye 16.6-1.pgdg110+1 --- 16/alpine3.19/Dockerfile | 4 ++-- 16/alpine3.20/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 3146ffc0f5..0ee9671bdd 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 41213996fb..c86008147b 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.5 -ENV PG_SHA256 a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0 +ENV PG_VERSION 16.6 +ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 3631195246..2a3fda32c3 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg120+1 +ENV PG_VERSION 16.6-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index d889decf25..75a6bf083e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.5-1.pgdg110+1 +ENV PG_VERSION 16.6-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 6c580db3a3..9b79ab49db 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg120+1" + "version": "16.6-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,18 +141,18 @@ "ppc64el", "s390x" ], - "version": "16.5-1.pgdg110+1" + "version": "16.6-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0", + "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "16.5" + "version": "16.6" }, "17": { "alpine": "3.20", From 0b87a9bbd23f56b1e9e863ecda5cc9e66416c4e0 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 21 Nov 2024 12:16:44 -0800 Subject: [PATCH 115/142] Update 17 to 17.2, bookworm 17.2-1.pgdg120+1, bullseye 17.2-1.pgdg110+1 --- 17/alpine3.19/Dockerfile | 4 ++-- 17/alpine3.20/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.19/Dockerfile index 64bd75ae3c..101ea6b2cc 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.19/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5b005b3d54..d8481c4f50 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.1 -ENV PG_SHA256 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd +ENV PG_VERSION 17.2 +ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 3958ea2438..ea5f47b044 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg120+1 +ENV PG_VERSION 17.2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index b68c707fb9..af909b0d8a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.1-1.pgdg110+1 +ENV PG_VERSION 17.2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 9b79ab49db..fac5258833 100644 --- a/versions.json +++ b/versions.json @@ -163,7 +163,7 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg120+1" + "version": "17.2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -172,17 +172,17 @@ "ppc64el", "s390x" ], - "version": "17.1-1.pgdg110+1" + "version": "17.2-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd", + "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", "variants": [ "bookworm", "bullseye", "alpine3.20", "alpine3.19" ], - "version": "17.1" + "version": "17.2" } } From 1075ab7060f7ee83f01db8bae699000994b5ed9f Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Thu, 5 Dec 2024 22:12:14 +0000 Subject: [PATCH 116/142] Update Alpine to 3.21 --- 12/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 13/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 17/{alpine3.19 => alpine3.21}/Dockerfile | 2 +- .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 versions.json | 36 +++++++++---------- versions.sh | 2 +- 20 files changed, 25 insertions(+), 25 deletions(-) rename 12/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 12/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 12/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 13/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 13/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 14/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 14/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 15/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 15/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 16/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 16/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) rename 17/{alpine3.19 => alpine3.21}/Dockerfile (99%) rename 17/{alpine3.19 => alpine3.21}/docker-ensure-initdb.sh (100%) rename 17/{alpine3.19 => alpine3.21}/docker-entrypoint.sh (100%) diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.21/Dockerfile similarity index 99% rename from 12/alpine3.19/Dockerfile rename to 12/alpine3.21/Dockerfile index 21aaff4185..b51727523a 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/12/alpine3.19/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 12/alpine3.19/docker-ensure-initdb.sh rename to 12/alpine3.21/docker-ensure-initdb.sh diff --git a/12/alpine3.19/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 12/alpine3.19/docker-entrypoint.sh rename to 12/alpine3.21/docker-entrypoint.sh diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.21/Dockerfile similarity index 99% rename from 13/alpine3.19/Dockerfile rename to 13/alpine3.21/Dockerfile index 43c805a2b4..5a63fd1f46 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/13/alpine3.19/docker-ensure-initdb.sh b/13/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.19/docker-ensure-initdb.sh rename to 13/alpine3.21/docker-ensure-initdb.sh diff --git a/13/alpine3.19/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.19/docker-entrypoint.sh rename to 13/alpine3.21/docker-entrypoint.sh diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.21/Dockerfile similarity index 99% rename from 14/alpine3.19/Dockerfile rename to 14/alpine3.21/Dockerfile index 4cf84a304f..0173050f1b 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/14/alpine3.19/docker-ensure-initdb.sh b/14/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.19/docker-ensure-initdb.sh rename to 14/alpine3.21/docker-ensure-initdb.sh diff --git a/14/alpine3.19/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.19/docker-entrypoint.sh rename to 14/alpine3.21/docker-entrypoint.sh diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.21/Dockerfile similarity index 99% rename from 15/alpine3.19/Dockerfile rename to 15/alpine3.21/Dockerfile index 43c890da5b..f9452c84ba 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/15/alpine3.19/docker-ensure-initdb.sh b/15/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.19/docker-ensure-initdb.sh rename to 15/alpine3.21/docker-ensure-initdb.sh diff --git a/15/alpine3.19/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.19/docker-entrypoint.sh rename to 15/alpine3.21/docker-entrypoint.sh diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.21/Dockerfile similarity index 99% rename from 16/alpine3.19/Dockerfile rename to 16/alpine3.21/Dockerfile index 0ee9671bdd..c2a0f65032 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/16/alpine3.19/docker-ensure-initdb.sh b/16/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.19/docker-ensure-initdb.sh rename to 16/alpine3.21/docker-ensure-initdb.sh diff --git a/16/alpine3.19/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.19/docker-entrypoint.sh rename to 16/alpine3.21/docker-entrypoint.sh diff --git a/17/alpine3.19/Dockerfile b/17/alpine3.21/Dockerfile similarity index 99% rename from 17/alpine3.19/Dockerfile rename to 17/alpine3.21/Dockerfile index 101ea6b2cc..4adb4a0367 100644 --- a/17/alpine3.19/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable diff --git a/17/alpine3.19/docker-ensure-initdb.sh b/17/alpine3.21/docker-ensure-initdb.sh similarity index 100% rename from 17/alpine3.19/docker-ensure-initdb.sh rename to 17/alpine3.21/docker-ensure-initdb.sh diff --git a/17/alpine3.19/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh similarity index 100% rename from 17/alpine3.19/docker-entrypoint.sh rename to 17/alpine3.21/docker-entrypoint.sh diff --git a/versions.json b/versions.json index fac5258833..11cf4b6a29 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "12": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -25,13 +25,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "12.22" }, "13": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -56,13 +56,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "13.18" }, "14": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -87,13 +87,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "14.15" }, "15": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -118,13 +118,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "15.10" }, "16": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -149,13 +149,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "16.6" }, "17": { - "alpine": "3.20", + "alpine": "3.21", "bookworm": { "arches": [ "amd64", @@ -180,8 +180,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.20", - "alpine3.19" + "alpine3.21", + "alpine3.20" ], "version": "17.2" } diff --git a/versions.sh b/versions.sh index e8c1225d53..ad83e2b000 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.21 3.20 - 3.19 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From 17818f21dca10ccf02711476e138c219bd31b456 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Thu, 5 Dec 2024 14:12:58 -0800 Subject: [PATCH 117/142] In Alpine 3.21 bump llvm version Fixes #1296 --- 12/alpine3.20/Dockerfile | 4 ++-- 12/alpine3.21/Dockerfile | 12 ++++++------ 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 12 ++++++------ 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 12 ++++++------ 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 12 ++++++------ 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 12 ++++++------ 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 12 ++++++------ Dockerfile-alpine.template | 19 +++++++++++++++---- 13 files changed, 63 insertions(+), 52 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index 3f1e87e0cf..acd5d9acd7 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index b51727523a..636e77151e 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 12.22 ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a4d1cf366d..3d694c3609 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -112,9 +112,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 5a63fd1f46..1adc2f84c8 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 13.18 ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 2af8d825fc..98f6b30aeb 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -114,9 +114,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 0173050f1b..46e0f7353c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 14.15 ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -114,10 +114,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index effc59a095..a837092196 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index f9452c84ba..cd3c8c0724 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 15.10 ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c86008147b..36b35cdcb0 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -116,9 +116,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index c2a0f65032..8b9173336f 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -57,8 +57,8 @@ ENV PG_VERSION 16.6 ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -116,10 +116,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d8481c4f50..40d8bbd4bf 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -115,9 +115,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-15; \ \ # configure options taken from: diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4adb4a0367..5c2914fcb2 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -56,8 +56,8 @@ ENV PG_VERSION 17.2 ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -115,10 +115,10 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 767923f895..6ef2082805 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,8 @@ -FROM alpine:{{ env.variant | ltrimstr("alpine") }} +{{ + def alpine_version: + env.variant | ltrimstr("alpine") +-}} +FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine # https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable @@ -52,7 +56,14 @@ ENV PG_MAJOR {{ env.version }} ENV PG_VERSION {{ .version }} ENV PG_SHA256 {{ .sha256 }} -{{ def llvmver: "15" -}} +{{ + def llvmver: + if alpine_version | split(".") | map(tonumber) < [3, 21] then + "15" + else + "19" + end +-}} ENV DOCKER_PG_LLVM_DEPS \ llvm{{ llvmver }}-dev \ clang{{ llvmver }} @@ -117,9 +128,9 @@ RUN set -eux; \ wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n158 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql12/APKBUILD?h=3.18-stable&id=a470294e6d6ca7059e41c54769b7c3c26ec901d4#n163 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 export CLANG=clang-{{ llvmver }}; \ \ # configure options taken from: From cb049360d9a316e429740d47431e0d6fa129d11a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 13 Dec 2024 15:02:43 -0800 Subject: [PATCH 118/142] Simplify and update `verify-templating.yml` This makes it print out a diff when there is an error (instead of just a list of files that are wrong), which will make the error more obvious. --- .github/workflows/verify-templating.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/verify-templating.yml b/.github/workflows/verify-templating.yml index 9ece508df6..e822ba6bb9 100644 --- a/.github/workflows/verify-templating.yml +++ b/.github/workflows/verify-templating.yml @@ -15,9 +15,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Apply Templates - run: ./apply-templates.sh - - name: Check Git Status - run: | - status="$(git status --short)" - [ -z "$status" ] + - run: ./apply-templates.sh + - run: git diff --exit-code From 32b6fcdda7f52830f42dd695e2dc2f739581756b Mon Sep 17 00:00:00 2001 From: Jeremy Schneider Date: Thu, 9 Jan 2025 09:56:49 -0800 Subject: [PATCH 119/142] =?UTF-8?q?Remove=20inaccurate=20references=20to?= =?UTF-8?q?=20corruption,=20remove=20SEGTERM=20suggestion=E2=80=A6=20(#130?= =?UTF-8?q?3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove inaccurate references to corruption, remove SEGTERM suggestion, update information links to current docs. Postgres is carefully designed such that data is not corrupted on crashes or unclean shutdowns - the main tradeoff is that WAL replay is needed on startup. In practice, SIGTERM can cause unexpected long delays to shutdowns - often during maintenance windows - so best not to actively suggest this. The links back to official Postgres documentation seem sufficient. --- 12/alpine3.20/Dockerfile | 16 +++++----------- 12/alpine3.21/Dockerfile | 16 +++++----------- 12/bookworm/Dockerfile | 16 +++++----------- 12/bullseye/Dockerfile | 16 +++++----------- 13/alpine3.20/Dockerfile | 16 +++++----------- 13/alpine3.21/Dockerfile | 16 +++++----------- 13/bookworm/Dockerfile | 16 +++++----------- 13/bullseye/Dockerfile | 16 +++++----------- 14/alpine3.20/Dockerfile | 16 +++++----------- 14/alpine3.21/Dockerfile | 16 +++++----------- 14/bookworm/Dockerfile | 16 +++++----------- 14/bullseye/Dockerfile | 16 +++++----------- 15/alpine3.20/Dockerfile | 16 +++++----------- 15/alpine3.21/Dockerfile | 16 +++++----------- 15/bookworm/Dockerfile | 16 +++++----------- 15/bullseye/Dockerfile | 16 +++++----------- 16/alpine3.20/Dockerfile | 16 +++++----------- 16/alpine3.21/Dockerfile | 16 +++++----------- 16/bookworm/Dockerfile | 16 +++++----------- 16/bullseye/Dockerfile | 16 +++++----------- 17/alpine3.20/Dockerfile | 16 +++++----------- 17/alpine3.21/Dockerfile | 16 +++++----------- 17/bookworm/Dockerfile | 16 +++++----------- 17/bullseye/Dockerfile | 16 +++++----------- Dockerfile-alpine.template | 16 +++++----------- Dockerfile-debian.template | 16 +++++----------- 26 files changed, 130 insertions(+), 286 deletions(-) diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile index acd5d9acd7..2e419498a4 100644 --- a/12/alpine3.20/Dockerfile +++ b/12/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile index 636e77151e..75ddfac841 100644 --- a/12/alpine3.21/Dockerfile +++ b/12/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index df9a761c5f..c9f6baeea7 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 526491f45d..098f684129 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 3d694c3609..a65cf3e580 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 1adc2f84c8..74c92fc237 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -203,18 +203,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -224,10 +218,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 99432918b9..cb68eb9b15 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 18b4ffcf86..a42d00dbcf 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -196,18 +196,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -217,10 +211,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 98f6b30aeb..c9dfbdea53 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 46e0f7353c..ff2107486e 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f70799807c..f404f7a99b 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 3f7e4eca95..0c7c224579 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index a837092196..baa5fea81a 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index cd3c8c0724..c942494d34 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -209,18 +209,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -230,10 +224,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index d3d44d9fec..3caf089e07 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 582076c41b..b19c220ce1 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 36b35cdcb0..7c898dbcb5 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 8b9173336f..2c90ad3792 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -208,18 +208,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -229,10 +223,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 2a3fda32c3..e2adcdb4b0 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 75a6bf083e..bae4ffbc29 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 40d8bbd4bf..d3e1131068 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 5c2914fcb2..b8b439b28c 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -206,18 +206,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -227,10 +221,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index ea5f47b044..d31a71e831 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index af909b0d8a..574a230402 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -194,18 +194,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -215,10 +209,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 6ef2082805..f3a98c760b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -232,18 +232,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -253,10 +247,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1fa84903ac..1ac04a725f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -192,18 +192,12 @@ ENTRYPOINT ["docker-entrypoint.sh"] # We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL # calls "Fast Shutdown mode" wherein new connections are disallowed and any # in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk, which is the best compromise available to avoid data -# corruption. +# flush tables to disk. # -# Users who know their applications do not keep open long-lived idle connections -# may way to use a value of SIGTERM instead, which corresponds to "Smart -# Shutdown mode" in which any existing sessions are allowed to finish and the -# server stops when all sessions are terminated. -# -# See https://www.postgresql.org/docs/12/server-shutdown.html for more details +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details # about available PostgreSQL server shutdown signals. # -# See also https://www.postgresql.org/docs/12/server-start.html for further +# See also https://www.postgresql.org/docs/current/server-start.html for further # justification of this as the default value, namely that the example (and # shipped) systemd service files use the "Fast Shutdown mode" for service # termination. @@ -213,10 +207,10 @@ STOPSIGNAL SIGINT # An additional setting that is recommended for all users regardless of this # value is the runtime "--stop-timeout" (or your orchestrator/runtime's # equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption). +# STOPSIGNAL and sending SIGKILL. # # The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/12/server-start.html notes +# documentation at https://www.postgresql.org/docs/current/server-start.html notes # that even 90 seconds may not be long enough in many instances. EXPOSE 5432 From e2a43025b1acedac60ddfad3678ed5da1a09fd79 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 24 Jan 2025 05:02:25 -0800 Subject: [PATCH 120/142] Update 12 to bookworm 12.22-2.pgdg120+1, bullseye 12.22-2.pgdg110+1 --- 12/bookworm/Dockerfile | 2 +- 12/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index c9f6baeea7..cff8863b42 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg120+1 +ENV PG_VERSION 12.22-2.pgdg120+1 RUN set -ex; \ \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 098f684129..4bb12a3eb4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 12.22-1.pgdg110+1 +ENV PG_VERSION 12.22-2.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 11cf4b6a29..d5f9761bb3 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg120+1" + "version": "12.22-2.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,7 +17,7 @@ "ppc64el", "s390x" ], - "version": "12.22-1.pgdg110+1" + "version": "12.22-2.pgdg110+1" }, "debian": "bookworm", "major": 12, From 042d8d043fed77e0e09b6fcda0991bca9e8664e3 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Mon, 3 Feb 2025 16:55:44 -0800 Subject: [PATCH 121/142] Remove PostgreSQL 12 since it is end of life --- 12/alpine3.20/Dockerfile | 228 ----------------- 12/alpine3.20/docker-ensure-initdb.sh | 71 ----- 12/alpine3.20/docker-entrypoint.sh | 356 -------------------------- 12/alpine3.21/Dockerfile | 228 ----------------- 12/alpine3.21/docker-ensure-initdb.sh | 71 ----- 12/alpine3.21/docker-entrypoint.sh | 356 -------------------------- 12/bookworm/Dockerfile | 219 ---------------- 12/bookworm/docker-ensure-initdb.sh | 71 ----- 12/bookworm/docker-entrypoint.sh | 356 -------------------------- 12/bullseye/Dockerfile | 219 ---------------- 12/bullseye/docker-ensure-initdb.sh | 71 ----- 12/bullseye/docker-entrypoint.sh | 356 -------------------------- 13/alpine3.20/Dockerfile | 2 +- 13/alpine3.20/docker-entrypoint.sh | 4 +- 13/alpine3.21/Dockerfile | 2 +- 13/alpine3.21/docker-entrypoint.sh | 4 +- 13/bookworm/docker-entrypoint.sh | 4 +- 13/bullseye/docker-entrypoint.sh | 4 +- 14/alpine3.20/Dockerfile | 2 +- 14/alpine3.20/docker-entrypoint.sh | 4 +- 14/alpine3.21/Dockerfile | 2 +- 14/alpine3.21/docker-entrypoint.sh | 4 +- 14/bookworm/docker-entrypoint.sh | 4 +- 14/bullseye/docker-entrypoint.sh | 4 +- 15/alpine3.20/Dockerfile | 2 +- 15/alpine3.20/docker-entrypoint.sh | 4 +- 15/alpine3.21/Dockerfile | 2 +- 15/alpine3.21/docker-entrypoint.sh | 4 +- 15/bookworm/docker-entrypoint.sh | 4 +- 15/bullseye/docker-entrypoint.sh | 4 +- 16/alpine3.20/Dockerfile | 2 +- 16/alpine3.20/docker-entrypoint.sh | 4 +- 16/alpine3.21/Dockerfile | 2 +- 16/alpine3.21/docker-entrypoint.sh | 4 +- 16/bookworm/docker-entrypoint.sh | 4 +- 16/bullseye/docker-entrypoint.sh | 4 +- 17/alpine3.20/Dockerfile | 2 +- 17/alpine3.20/docker-entrypoint.sh | 4 +- 17/alpine3.21/Dockerfile | 2 +- 17/alpine3.21/docker-entrypoint.sh | 4 +- 17/bookworm/docker-entrypoint.sh | 4 +- 17/bullseye/docker-entrypoint.sh | 4 +- Dockerfile-alpine.template | 4 +- docker-entrypoint.sh | 4 +- versions.json | 31 --- 45 files changed, 54 insertions(+), 2687 deletions(-) delete mode 100644 12/alpine3.20/Dockerfile delete mode 100755 12/alpine3.20/docker-ensure-initdb.sh delete mode 100755 12/alpine3.20/docker-entrypoint.sh delete mode 100644 12/alpine3.21/Dockerfile delete mode 100755 12/alpine3.21/docker-ensure-initdb.sh delete mode 100755 12/alpine3.21/docker-entrypoint.sh delete mode 100644 12/bookworm/Dockerfile delete mode 100755 12/bookworm/docker-ensure-initdb.sh delete mode 100755 12/bookworm/docker-entrypoint.sh delete mode 100644 12/bullseye/Dockerfile delete mode 100755 12/bullseye/docker-ensure-initdb.sh delete mode 100755 12/bullseye/docker-entrypoint.sh diff --git a/12/alpine3.20/Dockerfile b/12/alpine3.20/Dockerfile deleted file mode 100644 index 2e419498a4..0000000000 --- a/12/alpine3.20/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.20 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.20/docker-ensure-initdb.sh b/12/alpine3.20/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.20/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.20/docker-entrypoint.sh b/12/alpine3.20/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.20/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/alpine3.21/Dockerfile b/12/alpine3.21/Dockerfile deleted file mode 100644 index 75ddfac841..0000000000 --- a/12/alpine3.21/Dockerfile +++ /dev/null @@ -1,228 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM alpine:3.21 - -# 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable -RUN set -eux; \ - addgroup -g 70 -S postgres; \ - adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ -# clean up fetch dependencies - apk del --no-network .gosu-deps; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu --version; \ - gosu nobody true -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# alpine doesn't require explicit locale-file generation -ENV LANG en_US.utf8 - -RUN mkdir /docker-entrypoint-initdb.d - -ENV PG_MAJOR 12 -ENV PG_VERSION 12.22 -ENV PG_SHA256 8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b - -ENV DOCKER_PG_LLVM_DEPS \ - llvm19-dev \ - clang19 - -RUN set -eux; \ - \ - wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ - echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ - mkdir -p /usr/src/postgresql; \ - tar \ - --extract \ - --file postgresql.tar.bz2 \ - --directory /usr/src/postgresql \ - --strip-components 1 \ - ; \ - rm postgresql.tar.bz2; \ - \ - apk add --no-cache --virtual .build-deps \ - $DOCKER_PG_LLVM_DEPS \ - bison \ - coreutils \ - dpkg-dev dpkg \ - flex \ - g++ \ - gcc \ - krb5-dev \ - libc-dev \ - libedit-dev \ - libxml2-dev \ - libxslt-dev \ - linux-headers \ - make \ - openldap-dev \ - openssl-dev \ - perl-dev \ - perl-ipc-run \ - perl-utils \ - python3-dev \ - tcl-dev \ - util-linux-dev \ - zlib-dev \ -# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 - icu-dev \ - ; \ - \ - cd /usr/src/postgresql; \ -# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) -# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f - awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ - grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ - mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-19; \ - \ -# configure options taken from: -# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 - ./configure \ - --enable-option-checking=fatal \ - --build="$gnuArch" \ -# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" -# --enable-nls \ - --enable-integer-datetimes \ - --enable-thread-safety \ - --enable-tap-tests \ -# skip debugging info -- we want tiny size instead -# --enable-debug \ - --disable-rpath \ - --with-uuid=e2fs \ - --with-gnu-ld \ - --with-pgport=5432 \ - --with-system-tzdata=/usr/share/zoneinfo \ - --prefix=/usr/local \ - --with-includes=/usr/local/include \ - --with-libraries=/usr/local/lib \ - --with-gssapi \ - --with-ldap \ - --with-tcl \ - --with-perl \ - --with-python \ -# --with-pam \ - --with-openssl \ - --with-libxml \ - --with-libxslt \ - --with-icu \ - --with-llvm \ - ; \ - make -j "$(nproc)" world-bin; \ - make install-world-bin; \ - make -C contrib install; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ -# Remove plperl, plpython and pltcl dependencies by default to save image size -# To use the pl extensions, those have to be installed in a derived image - | grep -v -e perl -e python -e tcl \ - )"; \ - apk add --no-cache --virtual .postgresql-rundeps \ - $runDeps \ - bash \ - tzdata \ - zstd \ -# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split - icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 - $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ - ; \ - apk del --no-network .build-deps; \ - cd /; \ - rm -rf \ - /usr/src/postgresql \ - /usr/local/share/doc \ - /usr/local/share/man \ - ; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/alpine3.21/docker-ensure-initdb.sh b/12/alpine3.21/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/alpine3.21/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/alpine3.21/docker-entrypoint.sh b/12/alpine3.21/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/alpine3.21/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile deleted file mode 100644 index cff8863b42..0000000000 --- a/12/bookworm/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bookworm-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg120+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bookworm/docker-ensure-initdb.sh b/12/bookworm/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bookworm/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bookworm/docker-entrypoint.sh b/12/bookworm/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bookworm/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile deleted file mode 100644 index 4bb12a3eb4..0000000000 --- a/12/bullseye/Dockerfile +++ /dev/null @@ -1,219 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -# explicitly set user/group IDs -RUN set -eux; \ - groupadd -r postgres --gid=999; \ -# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 - useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ -# also create the postgres user's home directory with appropriate permissions -# see https://github.com/docker-library/postgres/issues/274 - install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql - -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ -# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER -# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 -# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) - less \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN set -eux; \ - if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ -# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) - grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ - ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ - fi; \ - apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ - echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ - locale-gen; \ - locale -a | grep 'en_US.utf8' -ENV LANG en_US.utf8 - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libnss-wrapper \ - xz-utils \ - zstd \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir /docker-entrypoint-initdb.d - -RUN set -ex; \ -# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] -# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 -# uid PostgreSQL Debian Repository - key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ - export GNUPGHOME="$(mktemp -d)"; \ - mkdir -p /usr/local/share/keyrings/; \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" - -ENV PG_MAJOR 12 -ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin - -ENV PG_VERSION 12.22-2.pgdg110+1 - -RUN set -ex; \ - \ -# see note below about "*.pyc" files - export PYTHONDONTWRITEBYTECODE=1; \ - \ - dpkgArch="$(dpkg --print-architecture)"; \ - aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ - case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ -# arches officialy built by upstream - echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - apt-get update; \ - ;; \ - *) \ -# we're on an architecture upstream doesn't officially build for -# let's build binaries from their published source packages - echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - tempDir="$(mktemp -d)"; \ - cd "$tempDir"; \ - \ -# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - apt-get update; \ - apt-get install -y --no-install-recommends dpkg-dev; \ - echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ - _update_repo() { \ - dpkg-scanpackages . > Packages; \ -# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") -# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) -# ... -# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - apt-get -o Acquire::GzipIndexes=false update; \ - }; \ - _update_repo; \ - \ -# build .deb files from upstream's source packages (which are verified by apt-get) - nproc="$(nproc)"; \ - export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ - _update_repo; \ - apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ - apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ - \ -# we don't remove APT lists here because they get re-downloaded and removed later - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies -# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - apt-mark showmanual | xargs apt-mark auto > /dev/null; \ - apt-mark manual $savedAptMark; \ - \ - ls -lAFh; \ - _update_repo; \ - grep '^Package: ' Packages; \ - cd /; \ - ;; \ - esac; \ - \ - apt-get install -y --no-install-recommends postgresql-common; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends \ - "postgresql-$PG_MAJOR=$PG_VERSION" \ - ; \ - \ - rm -rf /var/lib/apt/lists/*; \ - \ - if [ -n "$tempDir" ]; then \ -# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - apt-get purge -y --auto-remove; \ - rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi; \ - \ -# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ - \ - postgres --version - -# make the sample config easier to munge (and "correct by default") -RUN set -eux; \ - dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ - cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ - ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ - sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ - grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample - -RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql - -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data - -COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ -RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh -ENTRYPOINT ["docker-entrypoint.sh"] - -# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL -# calls "Fast Shutdown mode" wherein new connections are disallowed and any -# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and -# flush tables to disk. -# -# See https://www.postgresql.org/docs/current/server-shutdown.html for more details -# about available PostgreSQL server shutdown signals. -# -# See also https://www.postgresql.org/docs/current/server-start.html for further -# justification of this as the default value, namely that the example (and -# shipped) systemd service files use the "Fast Shutdown mode" for service -# termination. -# -STOPSIGNAL SIGINT -# -# An additional setting that is recommended for all users regardless of this -# value is the runtime "--stop-timeout" (or your orchestrator/runtime's -# equivalent) for controlling how long to wait between sending the defined -# STOPSIGNAL and sending SIGKILL. -# -# The default in most runtimes (such as Docker) is 10 seconds, and the -# documentation at https://www.postgresql.org/docs/current/server-start.html notes -# that even 90 seconds may not be long enough in many instances. - -EXPOSE 5432 -CMD ["postgres"] diff --git a/12/bullseye/docker-ensure-initdb.sh b/12/bullseye/docker-ensure-initdb.sh deleted file mode 100755 index ae1f6b6b90..0000000000 --- a/12/bullseye/docker-ensure-initdb.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# -# This script is intended for three main use cases: -# -# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior -# -# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution -# (no-op if database is already initialized) -# -# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use -# (error if database is already initialized) -# - -source /usr/local/bin/docker-entrypoint.sh - -# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) -if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then - set -- postgres "$@" -fi - -# see also "_main" in "docker-entrypoint.sh" - -docker_setup_env -# setup data directories and permissions (when run as root) -docker_create_db_directories -if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" -fi - -# only run initialization on an empty data directory -if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD -else - self="$(basename "$0")" - case "$self" in - docker-ensure-initdb.sh) - echo >&2 "$self: note: database already initialized in '$PGDATA'!" - exit 0 - ;; - - docker-enforce-initdb.sh) - echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" - exit 1 - ;; - - *) - echo >&2 "$self: error: unknown file name: $self" - exit 99 - ;; - esac -fi diff --git a/12/bullseye/docker-entrypoint.sh b/12/bullseye/docker-entrypoint.sh deleted file mode 100755 index 6f59993e08..0000000000 --- a/12/bullseye/docker-entrypoint.sh +++ /dev/null @@ -1,356 +0,0 @@ -#!/usr/bin/env bash -set -Eeo pipefail -# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00700 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". - - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - ;; - esac - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". - ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' -# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then - docker_setup_env - # setup data directories and permissions (when run as root) - docker_create_db_directories - if [ "$(id -u)" = '0' ]; then - # then restart script as postgres user - exec gosu postgres "$BASH_SOURCE" "$@" - fi - - # only run initialization on an empty data directory - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir - pg_setup_hba_conf "$@" - - # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless - # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS - export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" - docker_temp_server_start "$@" - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - docker_temp_server_stop - unset PGPASSWORD - - cat <<-'EOM' - - PostgreSQL init process complete; ready for start up. - - EOM - else - cat <<-'EOM' - - PostgreSQL Database directory appears to contain a database; Skipping initialization - - EOM - fi - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index a65cf3e580..e11f7276b4 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 74c92fc237..f80b09f620 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index c9dfbdea53..48231edcbd 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index ff2107486e..71879fac7f 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index baa5fea81a..d62f9c991d 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index c942494d34..ba2ad31a03 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 7c898dbcb5..3f9a790c74 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2c90ad3792..6951165d92 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index d3e1131068..af93219a57 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index b8b439b28c..47ba840f90 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f3a98c760b..2d1e3957a8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -42,7 +42,7 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -{{ if env.version | IN("12", "13", "14", "15", "16") then ( -}} +{{ if env.version | IN("13", "14", "15", "16") then ( -}} RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in PostgreSQL 17+) {{ ) else "" end -}} diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6f59993e08..d09b5388a0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -104,7 +104,7 @@ docker_init_database_dir() { # assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] docker_verify_minimum_env() { case "${PG_MAJOR:-}" in - 12 | 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 # check password first so we can output the warning before postgres # messes it up if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then @@ -252,7 +252,7 @@ pg_setup_hba_conf() { printf '\n' if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then printf '# warning trust is enabled for all connections\n' - printf '# see https://www.postgresql.org/docs/12/auth-trust.html\n' + printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n' fi printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD" } >> "$PGDATA/pg_hba.conf" diff --git a/versions.json b/versions.json index d5f9761bb3..93b9c3a7fb 100644 --- a/versions.json +++ b/versions.json @@ -1,35 +1,4 @@ { - "12": { - "alpine": "3.21", - "bookworm": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg120+1" - }, - "bullseye": { - "arches": [ - "amd64", - "arm64", - "ppc64el", - "s390x" - ], - "version": "12.22-2.pgdg110+1" - }, - "debian": "bookworm", - "major": 12, - "sha256": "8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b", - "variants": [ - "bookworm", - "bullseye", - "alpine3.21", - "alpine3.20" - ], - "version": "12.22" - }, "13": { "alpine": "3.21", "bookworm": { From 7da49aaa6a5d1496288b8a54c40ac2860e2ac85b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:01:24 -0800 Subject: [PATCH 122/142] Update 13 to 13.19, bookworm 13.19-1.pgdg120+1, bullseye 13.19-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index e11f7276b4..f52be6a729 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index f80b09f620..17a6bf5ddb 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.18 -ENV PG_SHA256 ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1 +ENV PG_VERSION 13.19 +ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cb68eb9b15..96bc81b508 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg120+1 +ENV PG_VERSION 13.19-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index a42d00dbcf..63b57edd51 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.18-1.pgdg110+1 +ENV PG_VERSION 13.19-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 93b9c3a7fb..cb1e48cb6b 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg120+1" + "version": "13.19-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.18-1.pgdg110+1" + "version": "13.19-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "ceea92abee2a8c19408d278b68de6a78b6bd3dbb4fa2d653fa7ca745d666aab1", + "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.18" + "version": "13.19" }, "14": { "alpine": "3.21", From 4bc3d04127905a457a92d7eb42e7e677389b8135 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:17:09 -0800 Subject: [PATCH 123/142] Update 14 to 14.16, bookworm 14.16-1.pgdg120+1, bullseye 14.16-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 48231edcbd..84ca02723f 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 71879fac7f..8ab858f54d 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.15 -ENV PG_SHA256 02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5 +ENV PG_VERSION 14.16 +ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index f404f7a99b..74a915fafe 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg120+1 +ENV PG_VERSION 14.16-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 0c7c224579..2f451390be 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.15-1.pgdg110+1 +ENV PG_VERSION 14.16-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index cb1e48cb6b..0f29aad395 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg120+1" + "version": "14.16-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.15-1.pgdg110+1" + "version": "14.16-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "02e891e314b4e9ee24cbd78028dab7c73f9c1ba3e30835bcbef71fe220401fc5", + "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.15" + "version": "14.16" }, "15": { "alpine": "3.21", From 607fdbdadc175f112ebcf94a42272ca57e3b8ab2 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:31:47 -0800 Subject: [PATCH 124/142] Update 15 to 15.11, bookworm 15.11-1.pgdg120+1, bullseye 15.11-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index d62f9c991d..c461d8acde 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ba2ad31a03..ff00bf4e71 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.10 -ENV PG_SHA256 55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573 +ENV PG_VERSION 15.11 +ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 3caf089e07..f363a2d4cd 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg120+1 +ENV PG_VERSION 15.11-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index b19c220ce1..57acb0ebe6 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.10-1.pgdg110+1 +ENV PG_VERSION 15.11-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 0f29aad395..ff1a39b7b5 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg120+1" + "version": "15.11-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.10-1.pgdg110+1" + "version": "15.11-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "55abe738d441f0e58658b3ec6f88097a713b5e3b73139f6230d7b5c4c389e573", + "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.10" + "version": "15.11" }, "16": { "alpine": "3.21", From c17c1aad6bc4a8cc9d0a1791d8facaa84171c05b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 10:46:14 -0800 Subject: [PATCH 125/142] Update 16 to 16.7, bookworm 16.7-1.pgdg120+1, bullseye 16.7-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 3f9a790c74..c176edc3ef 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 6951165d92..7acd3a708c 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.6 -ENV PG_SHA256 23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b +ENV PG_VERSION 16.7 +ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e2adcdb4b0..e09f86ac39 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg120+1 +ENV PG_VERSION 16.7-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index bae4ffbc29..6a2ff2f19c 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.6-1.pgdg110+1 +ENV PG_VERSION 16.7-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ff1a39b7b5..37c75090af 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg120+1" + "version": "16.7-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.6-1.pgdg110+1" + "version": "16.7-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "23369cdaccd45270ac5dcc30fa9da205d5be33fa505e1f17a0418d2caeca477b", + "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.6" + "version": "16.7" }, "17": { "alpine": "3.21", From 22dad776d9f858f5fb1940ac165be76aa8521e49 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 13 Feb 2025 11:01:08 -0800 Subject: [PATCH 126/142] Update 17 to 17.3, bookworm 17.3-1.pgdg120+1, bullseye 17.3-1.pgdg110+1 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index af93219a57..1a1a2d583a 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 47ba840f90..4a490c5fc1 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.2 -ENV PG_SHA256 82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164 +ENV PG_VERSION 17.3 +ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index d31a71e831..8dddc88060 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg120+1 +ENV PG_VERSION 17.3-1.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 574a230402..780d675594 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.2-1.pgdg110+1 +ENV PG_VERSION 17.3-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 37c75090af..ba7aea1a04 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg120+1" + "version": "17.3-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.2-1.pgdg110+1" + "version": "17.3-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "82ef27c0af3751695d7f64e2d963583005fbb6a0c3df63d0e4b42211d7021164", + "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.2" + "version": "17.3" } } From a537d6002b1a4bb92eb88e1e894332a76b1d2e6b Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Sun, 16 Feb 2025 11:03:06 -0800 Subject: [PATCH 127/142] Update 17 to bookworm 17.3-3.pgdg120+1, bullseye 17.3-3.pgdg110+1 --- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index 8dddc88060..bb3cb6e227 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg120+1 +ENV PG_VERSION 17.3-3.pgdg120+1 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 780d675594..e9e1ad6a4a 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-1.pgdg110+1 +ENV PG_VERSION 17.3-3.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index ba7aea1a04..a73b263204 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg120+1" + "version": "17.3-3.pgdg120+1" }, "bullseye": { "arches": [ @@ -141,7 +141,7 @@ "ppc64el", "s390x" ], - "version": "17.3-1.pgdg110+1" + "version": "17.3-3.pgdg110+1" }, "debian": "bookworm", "major": 17, From 2f7aa214309aca0d90a41e57f0807f53ebf77d55 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:02:25 -0800 Subject: [PATCH 128/142] Update 13 to 13.20, bookworm 13.20-1.pgdg120+1, bullseye 13.20-1.pgdg110+1 --- 13/alpine3.20/Dockerfile | 4 ++-- 13/alpine3.21/Dockerfile | 4 ++-- 13/bookworm/Dockerfile | 2 +- 13/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index f52be6a729..6b90306dfa 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 17a6bf5ddb..c2fd2016b6 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.19 -ENV PG_SHA256 482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea +ENV PG_VERSION 13.20 +ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 96bc81b508..e19c54c943 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg120+1 +ENV PG_VERSION 13.20-1.pgdg120+1 RUN set -ex; \ \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 63b57edd51..fa5bce3769 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.19-1.pgdg110+1 +ENV PG_VERSION 13.20-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index a73b263204..b49f48a7b8 100644 --- a/versions.json +++ b/versions.json @@ -8,7 +8,7 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg120+1" + "version": "13.20-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -17,18 +17,18 @@ "ppc64el", "s390x" ], - "version": "13.19-1.pgdg110+1" + "version": "13.20-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "482cce0a9f8d24c2447cfc7b2817e55f86d51afe5f7f1a85214bf93644e774ea", + "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.19" + "version": "13.20" }, "14": { "alpine": "3.21", From dabb1fcefb4637c8b6e1655c520bc10e67a735cb Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:16:15 -0800 Subject: [PATCH 129/142] Update 14 to 14.17, bookworm 14.17-1.pgdg120+1, bullseye 14.17-1.pgdg110+1 --- 14/alpine3.20/Dockerfile | 4 ++-- 14/alpine3.21/Dockerfile | 4 ++-- 14/bookworm/Dockerfile | 2 +- 14/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 84ca02723f..7a97933e5e 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 8ab858f54d..e6eaec1609 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.16 -ENV PG_SHA256 673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c +ENV PG_VERSION 14.17 +ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 74a915fafe..e97bad7808 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg120+1 +ENV PG_VERSION 14.17-1.pgdg120+1 RUN set -ex; \ \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 2f451390be..b85e3deefd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.16-1.pgdg110+1 +ENV PG_VERSION 14.17-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b49f48a7b8..dc20f95c87 100644 --- a/versions.json +++ b/versions.json @@ -39,7 +39,7 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg120+1" + "version": "14.17-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -48,18 +48,18 @@ "ppc64el", "s390x" ], - "version": "14.16-1.pgdg110+1" + "version": "14.17-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "673c26f15ebb14306ad0ea051d8acfb3915dd342de942f5b502e5354a0ab760c", + "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.16" + "version": "14.17" }, "15": { "alpine": "3.21", From 807e218040cfae401cb0ed2e866a1efe9d6cc48d Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:30:20 -0800 Subject: [PATCH 130/142] Update 15 to 15.12, bookworm 15.12-1.pgdg120+1, bullseye 15.12-1.pgdg110+1 --- 15/alpine3.20/Dockerfile | 4 ++-- 15/alpine3.21/Dockerfile | 4 ++-- 15/bookworm/Dockerfile | 2 +- 15/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index c461d8acde..1142617c31 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index ff00bf4e71..48fedb00fa 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.11 -ENV PG_SHA256 5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0 +ENV PG_VERSION 15.12 +ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index f363a2d4cd..dcad9299c0 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg120+1 +ENV PG_VERSION 15.12-1.pgdg120+1 RUN set -ex; \ \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index 57acb0ebe6..df8ca09ff9 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.11-1.pgdg110+1 +ENV PG_VERSION 15.12-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index dc20f95c87..b069df64b3 100644 --- a/versions.json +++ b/versions.json @@ -70,7 +70,7 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg120+1" + "version": "15.12-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -79,18 +79,18 @@ "ppc64el", "s390x" ], - "version": "15.11-1.pgdg110+1" + "version": "15.12-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "5367e97e81e493301cc4aab049dfbc9b4913822985bc62379faab2a281cfbdf0", + "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.11" + "version": "15.12" }, "16": { "alpine": "3.21", From ce5da348e75d283cdd90963f97bd61c374d41ee5 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:44:40 -0800 Subject: [PATCH 131/142] Update 16 to 16.8, bookworm 16.8-1.pgdg120+1, bullseye 16.8-1.pgdg110+1 --- 16/alpine3.20/Dockerfile | 4 ++-- 16/alpine3.21/Dockerfile | 4 ++-- 16/bookworm/Dockerfile | 2 +- 16/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index c176edc3ef..f4a8eee4c6 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 7acd3a708c..2e4b935085 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.7 -ENV PG_SHA256 62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe +ENV PG_VERSION 16.8 +ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index e09f86ac39..c732ed0fdc 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg120+1 +ENV PG_VERSION 16.8-1.pgdg120+1 RUN set -ex; \ \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 6a2ff2f19c..ed5027458f 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.7-1.pgdg110+1 +ENV PG_VERSION 16.8-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index b069df64b3..c4a73cace1 100644 --- a/versions.json +++ b/versions.json @@ -101,7 +101,7 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg120+1" + "version": "16.8-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -110,18 +110,18 @@ "ppc64el", "s390x" ], - "version": "16.7-1.pgdg110+1" + "version": "16.8-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "62e02f77ebfc4a37f1700c20cc3ccd85ff797b5613766ebf949a7899bb2113fe", + "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.7" + "version": "16.8" }, "17": { "alpine": "3.21", From 729d22b104ede82d7b2d8681bb85f2f44c33eb60 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Thu, 20 Feb 2025 11:59:30 -0800 Subject: [PATCH 132/142] Update 17 to 17.4, bookworm 17.4-1.pgdg120+2, bullseye 17.4-1.pgdg110+2 --- 17/alpine3.20/Dockerfile | 4 ++-- 17/alpine3.21/Dockerfile | 4 ++-- 17/bookworm/Dockerfile | 2 +- 17/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 1a1a2d583a..2db848ef04 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 4a490c5fc1..1b9d0ee2c6 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.3 -ENV PG_SHA256 13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea +ENV PG_VERSION 17.4 +ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index bb3cb6e227..fbc15ef4c3 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg120+1 +ENV PG_VERSION 17.4-1.pgdg120+2 RUN set -ex; \ \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index e9e1ad6a4a..263bb9f1c3 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.3-3.pgdg110+1 +ENV PG_VERSION 17.4-1.pgdg110+2 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index c4a73cace1..973ebfc225 100644 --- a/versions.json +++ b/versions.json @@ -132,7 +132,7 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg120+1" + "version": "17.4-1.pgdg120+2" }, "bullseye": { "arches": [ @@ -141,17 +141,17 @@ "ppc64el", "s390x" ], - "version": "17.3-3.pgdg110+1" + "version": "17.4-1.pgdg110+2" }, "debian": "bookworm", "major": 17, - "sha256": "13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea", + "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.3" + "version": "17.4" } } From cc254e85ed86e1f8c9052f9cbf0e3320324f0421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Li=C3=A9tar?= Date: Thu, 27 Feb 2025 00:53:12 +0000 Subject: [PATCH 133/142] Unset NOTIFY_SOCKET when running the temporary server. (#1325) * Unset NOTIFY_SOCKET when running the temporary server. Postgres has native support for this notification socket and will write a `READY=1` message once it is ready and accepting connections. Unfortunately, the temporary server used by the `docker-entrypoint.sh` also sends a message on the socket, making it appear as though the container is ready and serving connections when it is not. --- 13/alpine3.20/docker-entrypoint.sh | 3 +++ 13/alpine3.21/docker-entrypoint.sh | 3 +++ 13/bookworm/docker-entrypoint.sh | 3 +++ 13/bullseye/docker-entrypoint.sh | 3 +++ 14/alpine3.20/docker-entrypoint.sh | 3 +++ 14/alpine3.21/docker-entrypoint.sh | 3 +++ 14/bookworm/docker-entrypoint.sh | 3 +++ 14/bullseye/docker-entrypoint.sh | 3 +++ 15/alpine3.20/docker-entrypoint.sh | 3 +++ 15/alpine3.21/docker-entrypoint.sh | 3 +++ 15/bookworm/docker-entrypoint.sh | 3 +++ 15/bullseye/docker-entrypoint.sh | 3 +++ 16/alpine3.20/docker-entrypoint.sh | 3 +++ 16/alpine3.21/docker-entrypoint.sh | 3 +++ 16/bookworm/docker-entrypoint.sh | 3 +++ 16/bullseye/docker-entrypoint.sh | 3 +++ 17/alpine3.20/docker-entrypoint.sh | 3 +++ 17/alpine3.21/docker-entrypoint.sh | 3 +++ 17/bookworm/docker-entrypoint.sh | 3 +++ 17/bullseye/docker-entrypoint.sh | 3 +++ docker-entrypoint.sh | 3 +++ 21 files changed, 63 insertions(+) diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.20/docker-entrypoint.sh +++ b/13/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.20/docker-entrypoint.sh +++ b/14/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.20/docker-entrypoint.sh +++ b/15/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.20/docker-entrypoint.sh +++ b/16/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.20/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.20/docker-entrypoint.sh +++ b/17/alpine3.20/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index d09b5388a0..ae40666ca1 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -269,6 +269,9 @@ docker_temp_server_start() { # does not listen on external TCP/IP and waits until start finishes set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ PGUSER="${PGUSER:-$POSTGRES_USER}" \ pg_ctl -D "$PGDATA" \ -o "$(printf '%q ' "$@")" \ From 266748257c85f28eb01a276e84860013ade2eb14 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 10:29:08 -0700 Subject: [PATCH 134/142] Update to 17.5, 16.9, 15.13, 14.18, 13.21 --- 13/alpine3.20/Dockerfile | 4 +-- 13/alpine3.21/Dockerfile | 4 +-- 13/bookworm/Dockerfile | 4 +-- 13/bullseye/Dockerfile | 4 +-- 14/alpine3.20/Dockerfile | 4 +-- 14/alpine3.21/Dockerfile | 4 +-- 14/bookworm/Dockerfile | 4 +-- 14/bullseye/Dockerfile | 4 +-- 15/alpine3.20/Dockerfile | 4 +-- 15/alpine3.21/Dockerfile | 4 +-- 15/bookworm/Dockerfile | 4 +-- 15/bullseye/Dockerfile | 4 +-- 16/alpine3.20/Dockerfile | 4 +-- 16/alpine3.21/Dockerfile | 4 +-- 16/bookworm/Dockerfile | 4 +-- 16/bullseye/Dockerfile | 4 +-- 17/alpine3.20/Dockerfile | 4 +-- 17/alpine3.21/Dockerfile | 4 +-- 17/bookworm/Dockerfile | 4 +-- 17/bullseye/Dockerfile | 4 +-- versions.json | 70 +++++++++++++++++----------------------- 21 files changed, 70 insertions(+), 80 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 6b90306dfa..5dcd03a1be 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index c2fd2016b6..7746d671cd 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 13 -ENV PG_VERSION 13.20 -ENV PG_SHA256 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 +ENV PG_VERSION 13.21 +ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index e19c54c943..3dd050a432 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg120+1 +ENV PG_VERSION 13.21-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index fa5bce3769..990363d494 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 13.20-1.pgdg110+1 +ENV PG_VERSION 13.21-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 7a97933e5e..03bf8cc8a7 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index e6eaec1609..cdc9717825 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 14 -ENV PG_VERSION 14.17 -ENV PG_SHA256 6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1 +ENV PG_VERSION 14.18 +ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index e97bad7808..701a02cccd 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg120+1 +ENV PG_VERSION 14.18-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index b85e3deefd..004e6777cd 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 14.17-1.pgdg110+1 +ENV PG_VERSION 14.18-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 1142617c31..27aa060714 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 48fedb00fa..546793ba15 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 15 -ENV PG_VERSION 15.12 -ENV PG_SHA256 3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 +ENV PG_VERSION 15.13 +ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index dcad9299c0..953f19a827 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg120+1 +ENV PG_VERSION 15.13-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index df8ca09ff9..af49faecc7 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 15 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 15.12-1.pgdg110+1 +ENV PG_VERSION 15.13-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index f4a8eee4c6..8ceefb8fa2 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 2e4b935085..de809004ef 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -53,8 +53,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 16 -ENV PG_VERSION 16.8 -ENV PG_SHA256 9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8 +ENV PG_VERSION 16.9 +ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index c732ed0fdc..57ce9f7b06 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg120+1 +ENV PG_VERSION 16.9-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index ed5027458f..54f864c29e 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 16 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 16.8-1.pgdg110+1 +ENV PG_VERSION 16.9-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 2db848ef04..5919ddee6d 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm15-dev \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 1b9d0ee2c6..cda67cffa5 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 17 -ENV PG_VERSION 17.4 -ENV PG_SHA256 c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 +ENV PG_VERSION 17.5 +ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index fbc15ef4c3..eca1c04f03 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg120+2 +ENV PG_VERSION 17.5-1.pgdg120+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 263bb9f1c3..90b92bba46 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 17 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 17.4-1.pgdg110+2 +ENV PG_VERSION 17.5-1.pgdg110+1 RUN set -ex; \ \ @@ -99,7 +99,7 @@ RUN set -ex; \ dpkgArch="$(dpkg --print-architecture)"; \ aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ - amd64 | arm64 | ppc64el | s390x) \ + amd64 | arm64 | ppc64el) \ # arches officialy built by upstream echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ diff --git a/versions.json b/versions.json index 973ebfc225..0c4bfb0d20 100644 --- a/versions.json +++ b/versions.json @@ -5,30 +5,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg120+1" + "version": "13.21-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "13.20-1.pgdg110+1" + "version": "13.21-1.pgdg110+1" }, "debian": "bookworm", "major": 13, - "sha256": "8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288", + "sha256": "dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "13.20" + "version": "13.21" }, "14": { "alpine": "3.21", @@ -36,30 +34,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg120+1" + "version": "14.18-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "14.17-1.pgdg110+1" + "version": "14.18-1.pgdg110+1" }, "debian": "bookworm", "major": 14, - "sha256": "6ce0ccd6403bf7f0f2eddd333e2ee9ba02edfa977c66660ed9b4b1057e7630a1", + "sha256": "83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "14.17" + "version": "14.18" }, "15": { "alpine": "3.21", @@ -67,30 +63,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg120+1" + "version": "15.13-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "15.12-1.pgdg110+1" + "version": "15.13-1.pgdg110+1" }, "debian": "bookworm", "major": 15, - "sha256": "3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7", + "sha256": "4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "15.12" + "version": "15.13" }, "16": { "alpine": "3.21", @@ -98,30 +92,28 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg120+1" + "version": "16.9-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "16.8-1.pgdg110+1" + "version": "16.9-1.pgdg110+1" }, "debian": "bookworm", "major": 16, - "sha256": "9468083a56ce0ee7d294601b74dad3dd9fc69d87aff61f0a9fb63c813ff7efd8", + "sha256": "07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "16.8" + "version": "16.9" }, "17": { "alpine": "3.21", @@ -129,29 +121,27 @@ "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg120+2" + "version": "17.5-1.pgdg120+1" }, "bullseye": { "arches": [ "amd64", "arm64", - "ppc64el", - "s390x" + "ppc64el" ], - "version": "17.4-1.pgdg110+2" + "version": "17.5-1.pgdg110+1" }, "debian": "bookworm", "major": 17, - "sha256": "c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7", + "sha256": "fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8", "variants": [ "bookworm", "bullseye", "alpine3.21", "alpine3.20" ], - "version": "17.4" + "version": "17.5" } } From b23470265cc9c4bc283a88bf6c5054e3fca87c16 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2025 11:32:48 -0700 Subject: [PATCH 135/142] Remove explicit config.guess/config.sub updates When we added these lines, we needed newer files than PostgreSQL had upstream, but the situation has changed and we were pinned to a specific commit from 2017 - the _oldest_ PostgreSQL release version has a file from 2020. --- 13/alpine3.20/Dockerfile | 3 --- 13/alpine3.21/Dockerfile | 3 --- 14/alpine3.20/Dockerfile | 3 --- 14/alpine3.21/Dockerfile | 3 --- 15/alpine3.20/Dockerfile | 3 --- 15/alpine3.21/Dockerfile | 3 --- 16/alpine3.20/Dockerfile | 3 --- 16/alpine3.21/Dockerfile | 3 --- 17/alpine3.20/Dockerfile | 3 --- 17/alpine3.21/Dockerfile | 3 --- Dockerfile-alpine.template | 3 --- 11 files changed, 33 deletions(-) diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.20/Dockerfile index 5dcd03a1be..a2f5e0918b 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.20/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 7746d671cd..50a47522ad 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -108,9 +108,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.20/Dockerfile index 03bf8cc8a7..9afc070826 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.20/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index cdc9717825..82d8aeba6c 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -110,9 +110,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.20/Dockerfile index 27aa060714..9fcb077803 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 546793ba15..203cab4d45 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.20/Dockerfile index 8ceefb8fa2..6095fa9396 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.20/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index de809004ef..21f38d7596 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -112,9 +112,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.20/Dockerfile index 5919ddee6d..bcf17f32a0 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.20/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index cda67cffa5..9e4bf205bd 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -111,9 +111,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 2d1e3957a8..d0c90d18c8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -124,9 +124,6 @@ RUN set -eux; \ grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \ - wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \ \ # https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ From d9c4773ca5dc96692188c458f281d217d78b14d9 Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Wed, 21 May 2025 17:48:07 -0700 Subject: [PATCH 136/142] Update apt build depend --- 13/bookworm/Dockerfile | 7 +++---- 13/bullseye/Dockerfile | 7 +++---- 14/bookworm/Dockerfile | 7 +++---- 14/bullseye/Dockerfile | 7 +++---- 15/bookworm/Dockerfile | 7 +++---- 15/bullseye/Dockerfile | 7 +++---- 16/bookworm/Dockerfile | 7 +++---- 16/bullseye/Dockerfile | 7 +++---- 17/bookworm/Dockerfile | 7 +++---- 17/bullseye/Dockerfile | 7 +++---- Dockerfile-debian.template | 7 +++---- 11 files changed, 33 insertions(+), 44 deletions(-) diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index 3dd050a432..721ad94d09 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index 990363d494..b914b71ff0 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 DEBIAN_FRONTEND=noninteractive \ diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 701a02cccd..e9a0e21b1c 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 004e6777cd..ff863ef774 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 953f19a827..d58f9ab6a4 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index af49faecc7..ec325d7c88 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index 57ce9f7b06..7421ccaf0a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 54f864c29e..a3ac0c55ab 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/17/bookworm/Dockerfile b/17/bookworm/Dockerfile index eca1c04f03..25c2142f1f 100644 --- a/17/bookworm/Dockerfile +++ b/17/bookworm/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/17/bullseye/Dockerfile b/17/bullseye/Dockerfile index 90b92bba46..fc554d1fae 100644 --- a/17/bullseye/Dockerfile +++ b/17/bullseye/Dockerfile @@ -131,10 +131,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1ac04a725f..a81072a524 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -125,10 +125,9 @@ RUN set -ex; \ # build .deb files from upstream's source packages (which are verified by apt-get) nproc="$(nproc)"; \ export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ -# we have to build postgresql-common first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/99f44476e258cae6bf9e919219fa2c5414fa2876 -# (and it "Depends: pgdg-keyring") - apt-get build-dep -y postgresql-common pgdg-keyring; \ - apt-get source --compile postgresql-common pgdg-keyring; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ _update_repo; \ {{ if .major == 13 then ( -}} # we need DEBIAN_FRONTEND on postgresql-13 for slapd ("Please enter the password for the admin entry in your LDAP directory."); see https://bugs.debian.org/929417 From 172d9e7dbcff681ed65899f9bb01ba8bcc5fc063 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 30 May 2025 14:09:41 -0700 Subject: [PATCH 137/142] Add Alpine 3.22 (remove Alpine 3.20) --- 13/alpine3.21/Dockerfile | 9 +++--- 13/{alpine3.20 => alpine3.22}/Dockerfile | 19 ++++++------ .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 14/alpine3.21/Dockerfile | 9 +++--- 14/{alpine3.20 => alpine3.22}/Dockerfile | 19 ++++++------ .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 15/alpine3.21/Dockerfile | 9 +++--- 15/{alpine3.20 => alpine3.22}/Dockerfile | 19 ++++++------ .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 16/alpine3.21/Dockerfile | 9 +++--- 16/{alpine3.20 => alpine3.22}/Dockerfile | 19 ++++++------ .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 17/alpine3.21/Dockerfile | 9 +++--- 17/{alpine3.20 => alpine3.22}/Dockerfile | 19 ++++++------ .../docker-ensure-initdb.sh | 0 .../docker-entrypoint.sh | 0 Dockerfile-alpine.template | 15 ++++------ versions.json | 30 +++++++++---------- versions.sh | 2 +- 23 files changed, 86 insertions(+), 101 deletions(-) rename 13/{alpine3.20 => alpine3.22}/Dockerfile (93%) rename 13/{alpine3.20 => alpine3.22}/docker-ensure-initdb.sh (100%) rename 13/{alpine3.20 => alpine3.22}/docker-entrypoint.sh (100%) rename 14/{alpine3.20 => alpine3.22}/Dockerfile (93%) rename 14/{alpine3.20 => alpine3.22}/docker-ensure-initdb.sh (100%) rename 14/{alpine3.20 => alpine3.22}/docker-entrypoint.sh (100%) rename 15/{alpine3.20 => alpine3.22}/Dockerfile (93%) rename 15/{alpine3.20 => alpine3.22}/docker-ensure-initdb.sh (100%) rename 15/{alpine3.20 => alpine3.22}/docker-entrypoint.sh (100%) rename 16/{alpine3.20 => alpine3.22}/Dockerfile (93%) rename 16/{alpine3.20 => alpine3.22}/docker-ensure-initdb.sh (100%) rename 16/{alpine3.20 => alpine3.22}/docker-entrypoint.sh (100%) rename 17/{alpine3.20 => alpine3.22}/Dockerfile (93%) rename 17/{alpine3.20 => alpine3.22}/docker-ensure-initdb.sh (100%) rename 17/{alpine3.20 => alpine3.22}/docker-entrypoint.sh (100%) diff --git a/13/alpine3.21/Dockerfile b/13/alpine3.21/Dockerfile index 50a47522ad..c79dfd0bb7 100644 --- a/13/alpine3.21/Dockerfile +++ b/13/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -109,9 +109,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-19; \ \ # configure options taken from: @@ -166,8 +166,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/13/alpine3.20/Dockerfile b/13/alpine3.22/Dockerfile similarity index 93% rename from 13/alpine3.20/Dockerfile rename to 13/alpine3.22/Dockerfile index a2f5e0918b..ece37e9796 100644 --- a/13/alpine3.20/Dockerfile +++ b/13/alpine3.22/Dockerfile @@ -4,10 +4,10 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -57,8 +57,8 @@ ENV PG_VERSION 13.21 ENV PG_SHA256 dcda1294df45f033b0656cf7a8e4afbbc624c25e1b144aec79530f74d7ef4ab4 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -109,10 +109,10 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 @@ -166,8 +166,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/13/alpine3.20/docker-ensure-initdb.sh b/13/alpine3.22/docker-ensure-initdb.sh similarity index 100% rename from 13/alpine3.20/docker-ensure-initdb.sh rename to 13/alpine3.22/docker-ensure-initdb.sh diff --git a/13/alpine3.20/docker-entrypoint.sh b/13/alpine3.22/docker-entrypoint.sh similarity index 100% rename from 13/alpine3.20/docker-entrypoint.sh rename to 13/alpine3.22/docker-entrypoint.sh diff --git a/14/alpine3.21/Dockerfile b/14/alpine3.21/Dockerfile index 82d8aeba6c..49eb44c2c7 100644 --- a/14/alpine3.21/Dockerfile +++ b/14/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -111,9 +111,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-19; \ \ # configure options taken from: @@ -169,8 +169,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/14/alpine3.20/Dockerfile b/14/alpine3.22/Dockerfile similarity index 93% rename from 14/alpine3.20/Dockerfile rename to 14/alpine3.22/Dockerfile index 9afc070826..238930ef21 100644 --- a/14/alpine3.20/Dockerfile +++ b/14/alpine3.22/Dockerfile @@ -4,10 +4,10 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -57,8 +57,8 @@ ENV PG_VERSION 14.18 ENV PG_SHA256 83ab29d6bfc3dc58b2ed3c664114fdfbeb6a0450c4b8d7fa69aee91e3ca14f8e ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -111,10 +111,10 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 @@ -169,8 +169,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/14/alpine3.20/docker-ensure-initdb.sh b/14/alpine3.22/docker-ensure-initdb.sh similarity index 100% rename from 14/alpine3.20/docker-ensure-initdb.sh rename to 14/alpine3.22/docker-ensure-initdb.sh diff --git a/14/alpine3.20/docker-entrypoint.sh b/14/alpine3.22/docker-entrypoint.sh similarity index 100% rename from 14/alpine3.20/docker-entrypoint.sh rename to 14/alpine3.22/docker-entrypoint.sh diff --git a/15/alpine3.21/Dockerfile b/15/alpine3.21/Dockerfile index 203cab4d45..91ab89c023 100644 --- a/15/alpine3.21/Dockerfile +++ b/15/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -113,9 +113,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-19; \ \ # configure options taken from: @@ -172,8 +172,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/15/alpine3.20/Dockerfile b/15/alpine3.22/Dockerfile similarity index 93% rename from 15/alpine3.20/Dockerfile rename to 15/alpine3.22/Dockerfile index 9fcb077803..201065d8a3 100644 --- a/15/alpine3.20/Dockerfile +++ b/15/alpine3.22/Dockerfile @@ -4,10 +4,10 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -57,8 +57,8 @@ ENV PG_VERSION 15.13 ENV PG_SHA256 4f62e133d22ea08a0401b0840920e26698644d01a80c34341fb732dd0a90ca5d ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -113,10 +113,10 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 @@ -172,8 +172,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/15/alpine3.20/docker-ensure-initdb.sh b/15/alpine3.22/docker-ensure-initdb.sh similarity index 100% rename from 15/alpine3.20/docker-ensure-initdb.sh rename to 15/alpine3.22/docker-ensure-initdb.sh diff --git a/15/alpine3.20/docker-entrypoint.sh b/15/alpine3.22/docker-entrypoint.sh similarity index 100% rename from 15/alpine3.20/docker-entrypoint.sh rename to 15/alpine3.22/docker-entrypoint.sh diff --git a/16/alpine3.21/Dockerfile b/16/alpine3.21/Dockerfile index 21f38d7596..1bf2cab5a5 100644 --- a/16/alpine3.21/Dockerfile +++ b/16/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -113,9 +113,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-19; \ \ # configure options taken from: @@ -171,8 +171,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/16/alpine3.20/Dockerfile b/16/alpine3.22/Dockerfile similarity index 93% rename from 16/alpine3.20/Dockerfile rename to 16/alpine3.22/Dockerfile index 6095fa9396..902de7538f 100644 --- a/16/alpine3.20/Dockerfile +++ b/16/alpine3.22/Dockerfile @@ -4,10 +4,10 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -57,8 +57,8 @@ ENV PG_VERSION 16.9 ENV PG_SHA256 07c00fb824df0a0c295f249f44691b86e3266753b380c96f633c3311e10bd005 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -113,10 +113,10 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 @@ -171,8 +171,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/16/alpine3.20/docker-ensure-initdb.sh b/16/alpine3.22/docker-ensure-initdb.sh similarity index 100% rename from 16/alpine3.20/docker-ensure-initdb.sh rename to 16/alpine3.22/docker-ensure-initdb.sh diff --git a/16/alpine3.20/docker-entrypoint.sh b/16/alpine3.22/docker-entrypoint.sh similarity index 100% rename from 16/alpine3.20/docker-entrypoint.sh rename to 16/alpine3.22/docker-entrypoint.sh diff --git a/17/alpine3.21/Dockerfile b/17/alpine3.21/Dockerfile index 9e4bf205bd..c3c81bd437 100644 --- a/17/alpine3.21/Dockerfile +++ b/17/alpine3.21/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -112,9 +112,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-19; \ \ # configure options taken from: @@ -169,8 +169,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/17/alpine3.20/Dockerfile b/17/alpine3.22/Dockerfile similarity index 93% rename from 17/alpine3.20/Dockerfile rename to 17/alpine3.22/Dockerfile index bcf17f32a0..5c303bd7d0 100644 --- a/17/alpine3.20/Dockerfile +++ b/17/alpine3.22/Dockerfile @@ -4,10 +4,10 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.22 # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -56,8 +56,8 @@ ENV PG_VERSION 17.5 ENV PG_SHA256 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 ENV DOCKER_PG_LLVM_DEPS \ - llvm15-dev \ - clang15 + llvm19-dev \ + clang19 RUN set -eux; \ \ @@ -112,10 +112,10 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 - export LLVM_CONFIG="/usr/lib/llvm15/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 - export CLANG=clang-15; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ \ # configure options taken from: # https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 @@ -169,8 +169,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/17/alpine3.20/docker-ensure-initdb.sh b/17/alpine3.22/docker-ensure-initdb.sh similarity index 100% rename from 17/alpine3.20/docker-ensure-initdb.sh rename to 17/alpine3.22/docker-ensure-initdb.sh diff --git a/17/alpine3.20/docker-entrypoint.sh b/17/alpine3.22/docker-entrypoint.sh similarity index 100% rename from 17/alpine3.20/docker-entrypoint.sh rename to 17/alpine3.22/docker-entrypoint.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index d0c90d18c8..29be5edb24 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,7 +5,7 @@ FROM alpine:{{ alpine_version }} # 70 is the standard uid/gid for "postgres" in Alpine -# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.21-stable +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable RUN set -eux; \ addgroup -g 70 -S postgres; \ adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ @@ -58,11 +58,7 @@ ENV PG_SHA256 {{ .sha256 }} {{ def llvmver: - if alpine_version | split(".") | map(tonumber) < [3, 21] then - "15" - else - "19" - end + "19" -}} ENV DOCKER_PG_LLVM_DEPS \ llvm{{ llvmver }}-dev \ @@ -125,9 +121,9 @@ RUN set -eux; \ mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n172 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") export LLVM_CONFIG="/usr/lib/llvm{{ llvmver }}/bin/llvm-config"; \ -# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.21-stable&id=40544ade947bec1798edb0f749f4e967e842624b#n177 +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") export CLANG=clang-{{ llvmver }}; \ \ # configure options taken from: @@ -195,8 +191,7 @@ RUN set -eux; \ zstd \ # https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split icu-data-full \ -# nss_wrapper is not availble on ppc64le: "test case segfaults in ppc64le" -# https://git.alpinelinux.org/aports/commit/testing/nss_wrapper/APKBUILD?h=3.17-stable&id=94d81ceeb58cff448d489bbcbe9a6d40c9991663 +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ ; \ apk del --no-network .build-deps; \ diff --git a/versions.json b/versions.json index 0c4bfb0d20..102381e55c 100644 --- a/versions.json +++ b/versions.json @@ -1,6 +1,6 @@ { "13": { - "alpine": "3.21", + "alpine": "3.22", "bookworm": { "arches": [ "amd64", @@ -23,13 +23,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.21", - "alpine3.20" + "alpine3.22", + "alpine3.21" ], "version": "13.21" }, "14": { - "alpine": "3.21", + "alpine": "3.22", "bookworm": { "arches": [ "amd64", @@ -52,13 +52,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.21", - "alpine3.20" + "alpine3.22", + "alpine3.21" ], "version": "14.18" }, "15": { - "alpine": "3.21", + "alpine": "3.22", "bookworm": { "arches": [ "amd64", @@ -81,13 +81,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.21", - "alpine3.20" + "alpine3.22", + "alpine3.21" ], "version": "15.13" }, "16": { - "alpine": "3.21", + "alpine": "3.22", "bookworm": { "arches": [ "amd64", @@ -110,13 +110,13 @@ "variants": [ "bookworm", "bullseye", - "alpine3.21", - "alpine3.20" + "alpine3.22", + "alpine3.21" ], "version": "16.9" }, "17": { - "alpine": "3.21", + "alpine": "3.22", "bookworm": { "arches": [ "amd64", @@ -139,8 +139,8 @@ "variants": [ "bookworm", "bullseye", - "alpine3.21", - "alpine3.20" + "alpine3.22", + "alpine3.21" ], "version": "17.5" } diff --git a/versions.sh b/versions.sh index ad83e2b000..f466ac57a9 100755 --- a/versions.sh +++ b/versions.sh @@ -7,8 +7,8 @@ supportedDebianSuites=( bullseye ) supportedAlpineVersions=( + 3.22 3.21 - 3.20 ) defaultDebianSuite="${supportedDebianSuites[0]}" declare -A debianSuites=( From d1e97f29ba9be321fe80a74ada1faf750ff2e1b9 Mon Sep 17 00:00:00 2001 From: Rene Leonhardt <65483435+reneleonhardt@users.noreply.github.com> Date: Sat, 31 May 2025 14:40:54 +0200 Subject: [PATCH 138/142] add postgres 18 beta1 --- 18/alpine3.21/Dockerfile | 227 ++++++++++++++++ 18/alpine3.21/docker-ensure-initdb.sh | 71 +++++ 18/alpine3.21/docker-entrypoint.sh | 359 ++++++++++++++++++++++++++ 18/alpine3.22/Dockerfile | 227 ++++++++++++++++ 18/alpine3.22/docker-ensure-initdb.sh | 71 +++++ 18/alpine3.22/docker-entrypoint.sh | 359 ++++++++++++++++++++++++++ 18/bookworm/Dockerfile | 220 ++++++++++++++++ 18/bookworm/docker-ensure-initdb.sh | 71 +++++ 18/bookworm/docker-entrypoint.sh | 359 ++++++++++++++++++++++++++ 18/bullseye/Dockerfile | 220 ++++++++++++++++ 18/bullseye/docker-ensure-initdb.sh | 71 +++++ 18/bullseye/docker-entrypoint.sh | 359 ++++++++++++++++++++++++++ Dockerfile-debian.template | 4 + versions.json | 29 +++ 14 files changed, 2647 insertions(+) create mode 100644 18/alpine3.21/Dockerfile create mode 100755 18/alpine3.21/docker-ensure-initdb.sh create mode 100755 18/alpine3.21/docker-entrypoint.sh create mode 100644 18/alpine3.22/Dockerfile create mode 100755 18/alpine3.22/docker-ensure-initdb.sh create mode 100755 18/alpine3.22/docker-entrypoint.sh create mode 100644 18/bookworm/Dockerfile create mode 100755 18/bookworm/docker-ensure-initdb.sh create mode 100755 18/bookworm/docker-entrypoint.sh create mode 100644 18/bullseye/Dockerfile create mode 100755 18/bullseye/docker-ensure-initdb.sh create mode 100755 18/bullseye/docker-entrypoint.sh diff --git a/18/alpine3.21/Dockerfile b/18/alpine3.21/Dockerfile new file mode 100644 index 0000000000..86aad693fd --- /dev/null +++ b/18/alpine3.21/Dockerfile @@ -0,0 +1,227 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.21 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 18 +ENV PG_VERSION 18beta1 +ENV PG_SHA256 0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm19-dev \ + clang19 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk. +# +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/current/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL. +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/current/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/18/alpine3.21/docker-ensure-initdb.sh b/18/alpine3.21/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/18/alpine3.21/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/18/alpine3.21/docker-entrypoint.sh b/18/alpine3.21/docker-entrypoint.sh new file mode 100755 index 0000000000..ae40666ca1 --- /dev/null +++ b/18/alpine3.21/docker-entrypoint.sh @@ -0,0 +1,359 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/18/alpine3.22/Dockerfile b/18/alpine3.22/Dockerfile new file mode 100644 index 0000000000..c4cc148dde --- /dev/null +++ b/18/alpine3.22/Dockerfile @@ -0,0 +1,227 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.22 + +# 70 is the standard uid/gid for "postgres" in Alpine +# https://git.alpinelinux.org/aports/tree/main/postgresql-common/postgresql-common.pre-install?h=3.22-stable +RUN set -eux; \ + addgroup -g 70 -S postgres; \ + adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + \ + apk add --no-cache --virtual .gosu-deps \ + ca-certificates \ + dpkg \ + gnupg \ + ; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ +# clean up fetch dependencies + apk del --no-network .gosu-deps; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +# alpine doesn't require explicit locale-file generation +ENV LANG en_US.utf8 + +RUN mkdir /docker-entrypoint-initdb.d + +ENV PG_MAJOR 18 +ENV PG_VERSION 18beta1 +ENV PG_SHA256 0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885 + +ENV DOCKER_PG_LLVM_DEPS \ + llvm19-dev \ + clang19 + +RUN set -eux; \ + \ + wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \ + echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \ + mkdir -p /usr/src/postgresql; \ + tar \ + --extract \ + --file postgresql.tar.bz2 \ + --directory /usr/src/postgresql \ + --strip-components 1 \ + ; \ + rm postgresql.tar.bz2; \ + \ + apk add --no-cache --virtual .build-deps \ + $DOCKER_PG_LLVM_DEPS \ + bison \ + coreutils \ + dpkg-dev dpkg \ + flex \ + g++ \ + gcc \ + krb5-dev \ + libc-dev \ + libedit-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + make \ + openldap-dev \ + openssl-dev \ + perl-dev \ + perl-ipc-run \ + perl-utils \ + python3-dev \ + tcl-dev \ + util-linux-dev \ + zlib-dev \ +# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13 + icu-dev \ +# https://www.postgresql.org/docs/14/release-14.html#id-1.11.6.5.5.3.7 + lz4-dev \ +# https://www.postgresql.org/docs/15/release-15.html "--with-zstd to enable Zstandard builds" + zstd-dev \ + ; \ + \ + cd /usr/src/postgresql; \ +# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian) +# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f + awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \ + grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \ + mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n176 ("export LLVM_CONFIG") + export LLVM_CONFIG="/usr/lib/llvm19/bin/llvm-config"; \ +# https://git.alpinelinux.org/aports/tree/community/postgresql15/APKBUILD?h=3.22-stable#n180 ("older clang versions don't have a 'clang' exe anymore.") + export CLANG=clang-19; \ + \ +# configure options taken from: +# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5 + ./configure \ + --enable-option-checking=fatal \ + --build="$gnuArch" \ +# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'" +# --enable-nls \ + --enable-integer-datetimes \ + --enable-tap-tests \ +# skip debugging info -- we want tiny size instead +# --enable-debug \ + --disable-rpath \ + --with-uuid=e2fs \ + --with-pgport=5432 \ + --with-system-tzdata=/usr/share/zoneinfo \ + --prefix=/usr/local \ + --with-includes=/usr/local/include \ + --with-libraries=/usr/local/lib \ + --with-gssapi \ + --with-ldap \ + --with-tcl \ + --with-perl \ + --with-python \ +# --with-pam \ + --with-openssl \ + --with-libxml \ + --with-libxslt \ + --with-icu \ + --with-llvm \ + --with-lz4 \ + --with-zstd \ + ; \ + make -j "$(nproc)" world-bin; \ + make install-world-bin; \ + make -C contrib install; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +# Remove plperl, plpython and pltcl dependencies by default to save image size +# To use the pl extensions, those have to be installed in a derived image + | grep -v -e perl -e python -e tcl \ + )"; \ + apk add --no-cache --virtual .postgresql-rundeps \ + $runDeps \ + bash \ + tzdata \ + zstd \ +# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.16.0#ICU_data_split + icu-data-full \ +# https://git.alpinelinux.org/aports/tree/community/nss_wrapper/APKBUILD?h=3.22-stable#n7 ("ppc64le: test case segfaults") + $([ "$(apk --print-arch)" != 'ppc64le' ] && echo 'nss_wrapper') \ + ; \ + apk del --no-network .build-deps; \ + cd /; \ + rm -rf \ + /usr/src/postgresql \ + /usr/local/share/doc \ + /usr/local/share/man \ + ; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample + +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk. +# +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/current/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL. +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/current/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/18/alpine3.22/docker-ensure-initdb.sh b/18/alpine3.22/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/18/alpine3.22/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/18/alpine3.22/docker-entrypoint.sh b/18/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..ae40666ca1 --- /dev/null +++ b/18/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,359 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/18/bookworm/Dockerfile b/18/bookworm/Dockerfile new file mode 100644 index 0000000000..f71b81b9f3 --- /dev/null +++ b/18/bookworm/Dockerfile @@ -0,0 +1,220 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 18 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 18~beta1-1.pgdg120+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) + "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk. +# +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/current/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL. +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/current/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/18/bookworm/docker-ensure-initdb.sh b/18/bookworm/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/18/bookworm/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/18/bookworm/docker-entrypoint.sh b/18/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..ae40666ca1 --- /dev/null +++ b/18/bookworm/docker-entrypoint.sh @@ -0,0 +1,359 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/18/bullseye/Dockerfile b/18/bullseye/Dockerfile new file mode 100644 index 0000000000..c0e3724400 --- /dev/null +++ b/18/bullseye/Dockerfile @@ -0,0 +1,220 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bullseye-slim + +# explicitly set user/group IDs +RUN set -eux; \ + groupadd -r postgres --gid=999; \ +# https://salsa.debian.org/postgresql/postgresql-common/blob/997d842ee744687d99a2b2d95c1083a2615c79e8/debian/postgresql-common.postinst#L32-35 + useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; \ +# also create the postgres user's home directory with appropriate permissions +# see https://github.com/docker-library/postgres/issues/274 + install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql + +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ +# https://www.postgresql.org/docs/16/app-psql.html#APP-PSQL-META-COMMAND-PSET-PAGER +# https://github.com/postgres/postgres/blob/REL_16_1/src/include/fe_utils/print.h#L25 +# (if "less" is available, it gets used as the default pager for psql, and it only adds ~1.5MiB to our image size) + less \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default +RUN set -eux; \ + if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then \ +# if this file exists, we're likely in "debian:xxx-slim", and locales are thus being excluded so we need to remove that exclusion (since we need locales) + grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; \ + ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; \ + fi; \ + apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; \ + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; \ + locale-gen; \ + locale -a | grep 'en_US.utf8' +ENV LANG en_US.utf8 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libnss-wrapper \ + xz-utils \ + zstd \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir /docker-entrypoint-initdb.d + +RUN set -ex; \ +# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02] +# Key fingerprint = B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8 +# uid PostgreSQL Debian Repository + key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ + export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" + +ENV PG_MAJOR 18 +ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin + +ENV PG_VERSION 18~beta1-1.pgdg110+1 + +RUN set -ex; \ + \ +# see note below about "*.pyc" files + export PYTHONDONTWRITEBYTECODE=1; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ + case "$dpkgArch" in \ + amd64 | arm64 | ppc64el) \ +# arches officialy built by upstream + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + apt-get update; \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from their published source packages + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + tempDir="$(mktemp -d)"; \ + cd "$tempDir"; \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + apt-get update; \ + apt-get install -y --no-install-recommends dpkg-dev; \ + echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \ + _update_repo() { \ + dpkg-scanpackages . > Packages; \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + apt-get -o Acquire::GzipIndexes=false update; \ + }; \ + _update_repo; \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + nproc="$(nproc)"; \ + export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; \ +# we have to build postgresql-common-dev first because postgresql-$PG_MAJOR shares "debian/rules" logic with it: https://salsa.debian.org/postgresql/postgresql/-/commit/f4338a0d28cf4541956bddb0f4e444ba9dba81b9 + apt-get build-dep -y postgresql-common-dev; \ + apt-get source --compile postgresql-common-dev; \ + _update_repo; \ + apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; \ + apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; \ + \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + apt-mark showmanual | xargs apt-mark auto > /dev/null; \ + apt-mark manual $savedAptMark; \ + \ + ls -lAFh; \ + _update_repo; \ + grep '^Package: ' Packages; \ + cd /; \ + ;; \ + esac; \ + \ + apt-get install -y --no-install-recommends postgresql-common; \ + sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ + apt-get install -y --no-install-recommends \ + "postgresql-$PG_MAJOR=$PG_VERSION" \ +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) + "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ + ; \ + \ + rm -rf /var/lib/apt/lists/*; \ + \ + if [ -n "$tempDir" ]; then \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + apt-get purge -y --auto-remove; \ + rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi; \ + \ +# some of the steps above generate a lot of "*.pyc" files (and setting "PYTHONDONTWRITEBYTECODE" beforehand doesn't propagate properly for some reason), so we clean them up manually (as long as they aren't owned by a package) + find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; \ + \ + postgres --version + +# make the sample config easier to munge (and "correct by default") +RUN set -eux; \ + dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; \ + cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; \ + ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; \ + sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ + grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample + +RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql + +ENV PGDATA /var/lib/postgresql/data +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" +VOLUME /var/lib/postgresql/data + +COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ +RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh +ENTRYPOINT ["docker-entrypoint.sh"] + +# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL +# calls "Fast Shutdown mode" wherein new connections are disallowed and any +# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and +# flush tables to disk. +# +# See https://www.postgresql.org/docs/current/server-shutdown.html for more details +# about available PostgreSQL server shutdown signals. +# +# See also https://www.postgresql.org/docs/current/server-start.html for further +# justification of this as the default value, namely that the example (and +# shipped) systemd service files use the "Fast Shutdown mode" for service +# termination. +# +STOPSIGNAL SIGINT +# +# An additional setting that is recommended for all users regardless of this +# value is the runtime "--stop-timeout" (or your orchestrator/runtime's +# equivalent) for controlling how long to wait between sending the defined +# STOPSIGNAL and sending SIGKILL. +# +# The default in most runtimes (such as Docker) is 10 seconds, and the +# documentation at https://www.postgresql.org/docs/current/server-start.html notes +# that even 90 seconds may not be long enough in many instances. + +EXPOSE 5432 +CMD ["postgres"] diff --git a/18/bullseye/docker-ensure-initdb.sh b/18/bullseye/docker-ensure-initdb.sh new file mode 100755 index 0000000000..ae1f6b6b90 --- /dev/null +++ b/18/bullseye/docker-ensure-initdb.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# +# This script is intended for three main use cases: +# +# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior +# +# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution +# (no-op if database is already initialized) +# +# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use +# (error if database is already initialized) +# + +source /usr/local/bin/docker-entrypoint.sh + +# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there) +if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then + set -- postgres "$@" +fi + +# see also "_main" in "docker-entrypoint.sh" + +docker_setup_env +# setup data directories and permissions (when run as root) +docker_create_db_directories +if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" +fi + +# only run initialization on an empty data directory +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD +else + self="$(basename "$0")" + case "$self" in + docker-ensure-initdb.sh) + echo >&2 "$self: note: database already initialized in '$PGDATA'!" + exit 0 + ;; + + docker-enforce-initdb.sh) + echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!" + exit 1 + ;; + + *) + echo >&2 "$self: error: unknown file name: $self" + exit 99 + ;; + esac +fi diff --git a/18/bullseye/docker-entrypoint.sh b/18/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..ae40666ca1 --- /dev/null +++ b/18/bullseye/docker-entrypoint.sh @@ -0,0 +1,359 @@ +#!/usr/bin/env bash +set -Eeo pipefail +# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user +docker_create_db_directories() { + local user; user="$(id -u)" + + mkdir -p "$PGDATA" + # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) + chmod 00700 "$PGDATA" || : + + # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 + mkdir -p /var/run/postgresql || : + chmod 03775 /var/run/postgresql || : + + # Create the transaction log directory before initdb is run so the directory is owned by the correct user + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + mkdir -p "$POSTGRES_INITDB_WALDIR" + if [ "$user" = '0' ]; then + find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + + fi + chmod 700 "$POSTGRES_INITDB_WALDIR" + fi + + # allow the container to be started with `--user` + if [ "$user" = '0' ]; then + find "$PGDATA" \! -user postgres -exec chown postgres '{}' + + find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + + fi +} + +# initialize empty PGDATA directory with new database via 'initdb' +# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function +# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames +# this is also where the database user is created, specified by `POSTGRES_USER` env +docker_init_database_dir() { + # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary + # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html + local uid; uid="$(id -u)" + if ! getent passwd "$uid" &> /dev/null; then + # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) + local wrapper + for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do + if [ -s "$wrapper" ]; then + NSS_WRAPPER_PASSWD="$(mktemp)" + NSS_WRAPPER_GROUP="$(mktemp)" + export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + local gid; gid="$(id -g)" + printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" + printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" + break + fi + done + fi + + if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then + set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" + fi + + # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 + eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' + + # unset/cleanup "nss_wrapper" bits + if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then + rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP + fi +} + +# print large warning if POSTGRES_PASSWORD is long +# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' +# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' +# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] +docker_verify_minimum_env() { + case "${PG_MAJOR:-}" in + 13) # https://github.com/postgres/postgres/commit/67a472d71c98c3d2fa322a1b4013080b20720b98 + # check password first so we can output the warning before postgres + # messes it up + if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then + cat >&2 <<-'EOWARN' + + WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. + + This will not work if used via PGPASSWORD with "psql". + + https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) + https://github.com/docker-library/postgres/issues/507 + + EOWARN + fi + ;; + esac + if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOE' + Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + EOE + exit 1 + fi + if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then + cat >&2 <<-'EOWARN' + ******************************************************************************** + WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow + anyone with access to the Postgres port to access your database without + a password, even if POSTGRES_PASSWORD is set. See PostgreSQL + documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html + In Docker's default configuration, this is effectively any other + container on the same system. + + It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace + it with "-e POSTGRES_PASSWORD=password" instead to set a password in + "docker run". + ******************************************************************************** + EOWARN + fi +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions and permissions +docker_process_init_files() { + # psql here for backwards compatibility "${psql[@]}" + psql=( docker_process_sql ) + + printf '\n' + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + printf '%s: running %s\n' "$0" "$f" + "$f" + else + printf '%s: sourcing %s\n' "$0" "$f" + . "$f" + fi + ;; + *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; + *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; + *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; + *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; + *) printf '%s: ignoring %s\n' "$0" "$f" ;; + esac + printf '\n' + done +} + +# Execute sql script, passed via stdin (or -f flag of pqsl) +# usage: docker_process_sql [psql-cli-args] +# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' +# ie: docker_process_sql -f my-file.sql +# ie: docker_process_sql > "$PGDATA/pg_hba.conf" +} + +# start socket-only postgresql server for setting up or running scripts +# all arguments will be passed along as arguments to `postgres` (via pg_ctl) +docker_temp_server_start() { + if [ "$1" = 'postgres' ]; then + shift + fi + + # internal start of server in order to allow setup using psql client + # does not listen on external TCP/IP and waits until start finishes + set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" + + # unset NOTIFY_SOCKET so the temporary server doesn't prematurely notify + # any process supervisor. + NOTIFY_SOCKET= \ + PGUSER="${PGUSER:-$POSTGRES_USER}" \ + pg_ctl -D "$PGDATA" \ + -o "$(printf '%q ' "$@")" \ + -w start +} + +# stop postgresql server after done setting up user and running scripts +docker_temp_server_stop() { + PGUSER="${PGUSER:-postgres}" \ + pg_ctl -D "$PGDATA" -m fast -w stop +} + +# check arguments for an option that would cause postgres to stop +# return true if there is one +_pg_want_help() { + local arg + for arg; do + case "$arg" in + # postgres --help | grep 'then exit' + # leaving out -C on purpose since it always fails and is unhelpful: + # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory + -'?'|--help|--describe-config|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if first arg looks like a flag, assume we want to run postgres server + if [ "${1:0:1}" = '-' ]; then + set -- postgres "$@" + fi + + if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then + docker_setup_env + # setup data directories and permissions (when run as root) + docker_create_db_directories + if [ "$(id -u)" = '0' ]; then + # then restart script as postgres user + exec gosu postgres "$BASH_SOURCE" "$@" + fi + + # only run initialization on an empty data directory + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir + pg_setup_hba_conf "$@" + + # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless + # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS + export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}" + docker_temp_server_start "$@" + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + docker_temp_server_stop + unset PGPASSWORD + + cat <<-'EOM' + + PostgreSQL init process complete; ready for start up. + + EOM + else + cat <<-'EOM' + + PostgreSQL Database directory appears to contain a database; Skipping initialization + + EOM + fi + fi + + exec "$@" +} + +if ! _is_sourced; then + _main "$@" +fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a81072a524..340047f611 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -154,6 +154,10 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ +{{ if .major >= 18 then ( -}} +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) + "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ +{{ ) else "" end -}} ; \ \ rm -rf /var/lib/apt/lists/*; \ diff --git a/versions.json b/versions.json index 102381e55c..96e2558966 100644 --- a/versions.json +++ b/versions.json @@ -143,5 +143,34 @@ "alpine3.21" ], "version": "17.5" + }, + "18": { + "alpine": "3.22", + "bookworm": { + "arches": [ + "amd64", + "arm64", + "ppc64el" + ], + "version": "18~beta1-1.pgdg120+1" + }, + "bullseye": { + "arches": [ + "amd64", + "arm64", + "ppc64el" + ], + "version": "18~beta1-1.pgdg110+1" + }, + "debian": "bookworm", + "major": 18, + "sha256": "0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885", + "variants": [ + "bookworm", + "bullseye", + "alpine3.22", + "alpine3.21" + ], + "version": "18beta1" } } From b9a533c87bdd767c228bf4c7490f9a6437a7d9f3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 8 Jul 2024 15:23:35 -0700 Subject: [PATCH 139/142] Change `PGDATA` in 18+ to `/var/lib/postgresql/MAJOR/docker` This is a pretty large breaking change, which is why this only makes the change in 18+ (which is currently in pre-release stages, and not due for GA until September, and pre-release `PGDATA` directories are officially *not supported* on the GA release anyhow). Concretely, this changes `PGDATA` to `/var/lib/postgresql/MAJOR/docker`, which matches the pre-existing convention/standard of the `pg_ctlcluster`/`postgresql-common` set of commands, and frankly is what we should've done to begin with, in a classic case of Chesterton's Fence (https://en.wikipedia.org/wiki/Wikipedia:Chesterton%27s_fence). This also changes the `VOLUME` to `/var/lib/postgresql`, which should be more reasonable, and make the upgrade constraints more obvious. For any users who have been testing the pre-releases, the simplest way to keep your existing data directory is going to be to add `PGDATA=/var/lib/postgresql/data` as an environment variable on your container or adjust your bind-mount from `/var/lib/postgresql/data` to `/var/lib/postgresql/18/docker`, but the *best* way is going to be to refactor your host directory such that your data lives at `18/docker` inside and you can then mount directly to `/var/lib/postgresql` (possibly setting `PGDATA=/var/lib/postgresql/MAJOR/docker` as well, if you want to go overboard on being explicit). --- 18/alpine3.21/Dockerfile | 11 +++++++---- 18/alpine3.22/Dockerfile | 11 +++++++---- 18/bookworm/Dockerfile | 11 +++++++---- 18/bullseye/Dockerfile | 11 +++++++---- Dockerfile-alpine.template | 10 ++++++++++ Dockerfile-debian.template | 10 ++++++++++ 6 files changed, 48 insertions(+), 16 deletions(-) diff --git a/18/alpine3.21/Dockerfile b/18/alpine3.21/Dockerfile index 86aad693fd..e9eff8d01f 100644 --- a/18/alpine3.21/Dockerfile +++ b/18/alpine3.21/Dockerfile @@ -190,10 +190,13 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/18/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh diff --git a/18/alpine3.22/Dockerfile b/18/alpine3.22/Dockerfile index c4cc148dde..248d5cb987 100644 --- a/18/alpine3.22/Dockerfile +++ b/18/alpine3.22/Dockerfile @@ -190,10 +190,13 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/18/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh diff --git a/18/bookworm/Dockerfile b/18/bookworm/Dockerfile index f71b81b9f3..88e36344e0 100644 --- a/18/bookworm/Dockerfile +++ b/18/bookworm/Dockerfile @@ -183,10 +183,13 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/18/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh diff --git a/18/bullseye/Dockerfile b/18/bullseye/Dockerfile index c0e3724400..b2ec63d5b9 100644 --- a/18/bullseye/Dockerfile +++ b/18/bullseye/Dockerfile @@ -183,10 +183,13 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql -ENV PGDATA /var/lib/postgresql/data -# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) -RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" -VOLUME /var/lib/postgresql/data +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/18/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 29be5edb24..e64ad2fc2f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -212,10 +212,20 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql +{{ if .major >= 18 then ( -}} +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/{{ .major | tostring }}/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) +{{ ) else ( -}} ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data +{{ ) end -}} COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 340047f611..de0ea03974 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -183,10 +183,20 @@ RUN set -eux; \ RUN install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql +{{ if .major >= 18 then ( -}} +# +# NOTE: in 18+, PGDATA has changed to match the pg_ctlcluster standard directory structure, and the VOLUME has moved from /var/lib/postgresql/data to /var/lib/postgresql +# +ENV PGDATA /var/lib/postgresql/{{ .major | tostring }}/docker +RUN ln -svT . /var/lib/postgresql/data # https://github.com/docker-library/postgres/pull/1259#issuecomment-2215477494 +VOLUME /var/lib/postgresql +# ("/var/lib/postgresql" is already pre-created with suitably usable permissions above) +{{ ) else ( -}} ENV PGDATA /var/lib/postgresql/data # this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" VOLUME /var/lib/postgresql/data +{{ ) end -}} COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh From 2c6fe8daca9d2ccc143afe6b1cdbc1eb80379d3f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 4 Jun 2025 15:56:12 -0700 Subject: [PATCH 140/142] Add logic to error out on detection of "old databases" --- 13/alpine3.21/docker-ensure-initdb.sh | 1 + 13/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 13/alpine3.22/docker-ensure-initdb.sh | 1 + 13/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 13/bookworm/docker-ensure-initdb.sh | 1 + 13/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 13/bullseye/docker-ensure-initdb.sh | 1 + 13/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 14/alpine3.21/docker-ensure-initdb.sh | 1 + 14/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 14/alpine3.22/docker-ensure-initdb.sh | 1 + 14/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 14/bookworm/docker-ensure-initdb.sh | 1 + 14/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 14/bullseye/docker-ensure-initdb.sh | 1 + 14/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 15/alpine3.21/docker-ensure-initdb.sh | 1 + 15/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 15/alpine3.22/docker-ensure-initdb.sh | 1 + 15/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 15/bookworm/docker-ensure-initdb.sh | 1 + 15/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 15/bullseye/docker-ensure-initdb.sh | 1 + 15/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 16/alpine3.21/docker-ensure-initdb.sh | 1 + 16/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 16/alpine3.22/docker-ensure-initdb.sh | 1 + 16/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 16/bookworm/docker-ensure-initdb.sh | 1 + 16/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 16/bullseye/docker-ensure-initdb.sh | 1 + 16/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 17/alpine3.21/docker-ensure-initdb.sh | 1 + 17/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 17/alpine3.22/docker-ensure-initdb.sh | 1 + 17/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 17/bookworm/docker-ensure-initdb.sh | 1 + 17/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 17/bullseye/docker-ensure-initdb.sh | 1 + 17/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 18/alpine3.21/docker-ensure-initdb.sh | 1 + 18/alpine3.21/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 18/alpine3.22/docker-ensure-initdb.sh | 1 + 18/alpine3.22/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 18/bookworm/docker-ensure-initdb.sh | 1 + 18/bookworm/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 18/bullseye/docker-ensure-initdb.sh | 1 + 18/bullseye/docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ docker-ensure-initdb.sh | 1 + docker-entrypoint.sh | 32 +++++++++++++++++++++++++++ 50 files changed, 825 insertions(+) diff --git a/13/alpine3.21/docker-ensure-initdb.sh b/13/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/13/alpine3.21/docker-ensure-initdb.sh +++ b/13/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/alpine3.21/docker-entrypoint.sh b/13/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/13/alpine3.21/docker-entrypoint.sh +++ b/13/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/alpine3.22/docker-ensure-initdb.sh b/13/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/13/alpine3.22/docker-ensure-initdb.sh +++ b/13/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/alpine3.22/docker-entrypoint.sh b/13/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/13/alpine3.22/docker-entrypoint.sh +++ b/13/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/bookworm/docker-ensure-initdb.sh b/13/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/13/bookworm/docker-ensure-initdb.sh +++ b/13/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/bookworm/docker-entrypoint.sh b/13/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/13/bookworm/docker-entrypoint.sh +++ b/13/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/bullseye/docker-ensure-initdb.sh b/13/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/13/bullseye/docker-ensure-initdb.sh +++ b/13/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/13/bullseye/docker-entrypoint.sh b/13/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/13/bullseye/docker-entrypoint.sh +++ b/13/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/alpine3.21/docker-ensure-initdb.sh b/14/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/14/alpine3.21/docker-ensure-initdb.sh +++ b/14/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/alpine3.21/docker-entrypoint.sh b/14/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/14/alpine3.21/docker-entrypoint.sh +++ b/14/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/alpine3.22/docker-ensure-initdb.sh b/14/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/14/alpine3.22/docker-ensure-initdb.sh +++ b/14/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/alpine3.22/docker-entrypoint.sh b/14/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/14/alpine3.22/docker-entrypoint.sh +++ b/14/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/bookworm/docker-ensure-initdb.sh b/14/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/14/bookworm/docker-ensure-initdb.sh +++ b/14/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/bookworm/docker-entrypoint.sh b/14/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/14/bookworm/docker-entrypoint.sh +++ b/14/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/bullseye/docker-ensure-initdb.sh b/14/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/14/bullseye/docker-ensure-initdb.sh +++ b/14/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/14/bullseye/docker-entrypoint.sh b/14/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/14/bullseye/docker-entrypoint.sh +++ b/14/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/alpine3.21/docker-ensure-initdb.sh b/15/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/15/alpine3.21/docker-ensure-initdb.sh +++ b/15/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/alpine3.21/docker-entrypoint.sh b/15/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/15/alpine3.21/docker-entrypoint.sh +++ b/15/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/alpine3.22/docker-ensure-initdb.sh b/15/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/15/alpine3.22/docker-ensure-initdb.sh +++ b/15/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/alpine3.22/docker-entrypoint.sh b/15/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/15/alpine3.22/docker-entrypoint.sh +++ b/15/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/bookworm/docker-ensure-initdb.sh b/15/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/15/bookworm/docker-ensure-initdb.sh +++ b/15/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/bookworm/docker-entrypoint.sh b/15/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/15/bookworm/docker-entrypoint.sh +++ b/15/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/bullseye/docker-ensure-initdb.sh b/15/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/15/bullseye/docker-ensure-initdb.sh +++ b/15/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/15/bullseye/docker-entrypoint.sh b/15/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/15/bullseye/docker-entrypoint.sh +++ b/15/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/alpine3.21/docker-ensure-initdb.sh b/16/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/16/alpine3.21/docker-ensure-initdb.sh +++ b/16/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/alpine3.21/docker-entrypoint.sh b/16/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/16/alpine3.21/docker-entrypoint.sh +++ b/16/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/alpine3.22/docker-ensure-initdb.sh b/16/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/16/alpine3.22/docker-ensure-initdb.sh +++ b/16/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/alpine3.22/docker-entrypoint.sh b/16/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/16/alpine3.22/docker-entrypoint.sh +++ b/16/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/bookworm/docker-ensure-initdb.sh b/16/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/16/bookworm/docker-ensure-initdb.sh +++ b/16/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/bookworm/docker-entrypoint.sh b/16/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/16/bookworm/docker-entrypoint.sh +++ b/16/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/bullseye/docker-ensure-initdb.sh b/16/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/16/bullseye/docker-ensure-initdb.sh +++ b/16/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/16/bullseye/docker-entrypoint.sh b/16/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/16/bullseye/docker-entrypoint.sh +++ b/16/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/alpine3.21/docker-ensure-initdb.sh b/17/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/17/alpine3.21/docker-ensure-initdb.sh +++ b/17/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/alpine3.21/docker-entrypoint.sh b/17/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/17/alpine3.21/docker-entrypoint.sh +++ b/17/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/alpine3.22/docker-ensure-initdb.sh b/17/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/17/alpine3.22/docker-ensure-initdb.sh +++ b/17/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/alpine3.22/docker-entrypoint.sh b/17/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/17/alpine3.22/docker-entrypoint.sh +++ b/17/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/bookworm/docker-ensure-initdb.sh b/17/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/17/bookworm/docker-ensure-initdb.sh +++ b/17/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/bookworm/docker-entrypoint.sh b/17/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/17/bookworm/docker-entrypoint.sh +++ b/17/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/bullseye/docker-ensure-initdb.sh b/17/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/17/bullseye/docker-ensure-initdb.sh +++ b/17/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/17/bullseye/docker-entrypoint.sh b/17/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/17/bullseye/docker-entrypoint.sh +++ b/17/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/alpine3.21/docker-ensure-initdb.sh b/18/alpine3.21/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/18/alpine3.21/docker-ensure-initdb.sh +++ b/18/alpine3.21/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/alpine3.21/docker-entrypoint.sh b/18/alpine3.21/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/18/alpine3.21/docker-entrypoint.sh +++ b/18/alpine3.21/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/alpine3.22/docker-ensure-initdb.sh b/18/alpine3.22/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/18/alpine3.22/docker-ensure-initdb.sh +++ b/18/alpine3.22/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/alpine3.22/docker-entrypoint.sh b/18/alpine3.22/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/18/alpine3.22/docker-entrypoint.sh +++ b/18/alpine3.22/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/bookworm/docker-ensure-initdb.sh b/18/bookworm/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/18/bookworm/docker-ensure-initdb.sh +++ b/18/bookworm/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/bookworm/docker-entrypoint.sh b/18/bookworm/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/18/bookworm/docker-entrypoint.sh +++ b/18/bookworm/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/bullseye/docker-ensure-initdb.sh b/18/bullseye/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/18/bullseye/docker-ensure-initdb.sh +++ b/18/bullseye/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/18/bullseye/docker-entrypoint.sh b/18/bullseye/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/18/bullseye/docker-entrypoint.sh +++ b/18/bullseye/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/docker-ensure-initdb.sh b/docker-ensure-initdb.sh index ae1f6b6b90..e9b15ef77d 100755 --- a/docker-ensure-initdb.sh +++ b/docker-ensure-initdb.sh @@ -33,6 +33,7 @@ fi # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ae40666ca1..5a62870b50 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -154,6 +154,29 @@ docker_verify_minimum_env() { EOWARN fi } +# similar to the above, but errors if there are any "old" databases detected (usually due to upgrades without pg_upgrade) +docker_error_old_databases() { + if [ -n "${OLD_DATABASES[0]:-}" ]; then + cat >&2 <<-EOE + Error: in 18+, these Docker images are configured to store database data in a + format which is compatible with "pg_ctlcluster" (specifically, using + major-version-specific directory names). This better reflects how + PostgreSQL itself works, and how upgrades are to be performed. + + See also https://github.com/docker-library/postgres/pull/1259 + + Counter to that, there appears to be PostgreSQL data in: + ${OLD_DATABASES[*]} + + This is usually the result of upgrading the Docker image without upgrading + the underlying database using "pg_upgrade" (which requires both versions). + + See https://github.com/docker-library/postgres/issues/37 for a (long) + discussion around this process, and suggestions for how to do so. + EOE + exit 1 + fi +} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -230,9 +253,17 @@ docker_setup_env() { declare -g DATABASE_ALREADY_EXISTS : "${DATABASE_ALREADY_EXISTS:=}" + declare -ag OLD_DATABASES=() # look specifically for PG_VERSION, as it is expected in the DB dir if [ -s "$PGDATA/PG_VERSION" ]; then DATABASE_ALREADY_EXISTS='true' + elif [ "$PGDATA" = "/var/lib/postgresql/$PG_MAJOR/docker" ]; then + # https://github.com/docker-library/postgres/pull/1259 + for d in /var/lib/postgresql /var/lib/postgresql/data /var/lib/postgresql/*/docker; do + if [ -s "$d/PG_VERSION" ]; then + OLD_DATABASES+=( "$d" ) + fi + done fi } @@ -319,6 +350,7 @@ _main() { # only run initialization on an empty data directory if [ -z "$DATABASE_ALREADY_EXISTS" ]; then docker_verify_minimum_env + docker_error_old_databases # check dir permissions to reduce likelihood of half-initialized database ls /docker-entrypoint-initdb.d/ > /dev/null From 46e8474a6e8ac8460416ac62afcbdf59cfeb6366 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 9 Jun 2025 14:23:06 -0700 Subject: [PATCH 141/142] Only install 18+ JIT package on architectures where it's supported See: - https://salsa.debian.org/postgresql/postgresql/-/commit/eaa9529d8ecb0beaeebeb5b09362dbdf4ce34c0c "Make LLVM architectures a inclusion list so it works in the Architecture field." (which removes i386, notably) - https://salsa.debian.org/postgresql/postgresql/-/commit/1d6f624592d18d0cb0d694675037984f0d44b5ae "Disable JIT on loong64 and riscv64 again, still segfaulting." --- 18/bookworm/Dockerfile | 6 ++++-- 18/bullseye/Dockerfile | 6 ++++-- Dockerfile-debian.template | 8 +++++--- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/18/bookworm/Dockerfile b/18/bookworm/Dockerfile index 88e36344e0..0cf4c0fb08 100644 --- a/18/bookworm/Dockerfile +++ b/18/bookworm/Dockerfile @@ -156,9 +156,11 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ -# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) - "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ ; \ +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+, but only supported for a subset of architectures) + if apt-get install -s "postgresql-$PG_MAJOR-jit" > /dev/null 2>&1; then \ + apt-get install -y --no-install-recommends "postgresql-$PG_MAJOR-jit=$PG_VERSION"; \ + fi; \ \ rm -rf /var/lib/apt/lists/*; \ \ diff --git a/18/bullseye/Dockerfile b/18/bullseye/Dockerfile index b2ec63d5b9..2a4b74b9ff 100644 --- a/18/bullseye/Dockerfile +++ b/18/bullseye/Dockerfile @@ -156,9 +156,11 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ -# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) - "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ ; \ +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+, but only supported for a subset of architectures) + if apt-get install -s "postgresql-$PG_MAJOR-jit" > /dev/null 2>&1; then \ + apt-get install -y --no-install-recommends "postgresql-$PG_MAJOR-jit=$PG_VERSION"; \ + fi; \ \ rm -rf /var/lib/apt/lists/*; \ \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index de0ea03974..81a6a0a0c5 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -154,11 +154,13 @@ RUN set -ex; \ sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ apt-get install -y --no-install-recommends \ "postgresql-$PG_MAJOR=$PG_VERSION" \ + ; \ {{ if .major >= 18 then ( -}} -# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+) - "postgresql-$PG_MAJOR-jit=$PG_VERSION" \ +# https://github.com/docker-library/postgres/pull/1344#issuecomment-2936578203 (JIT is a separate package in 18+, but only supported for a subset of architectures) + if apt-get install -s "postgresql-$PG_MAJOR-jit" > /dev/null 2>&1; then \ + apt-get install -y --no-install-recommends "postgresql-$PG_MAJOR-jit=$PG_VERSION"; \ + fi; \ {{ ) else "" end -}} - ; \ \ rm -rf /var/lib/apt/lists/*; \ \ From 889f9447cd2dfe21cccfbe9bb7945e3b037e02d8 Mon Sep 17 00:00:00 2001 From: Docker Library Bot Date: Fri, 18 Jul 2025 11:03:02 -0700 Subject: [PATCH 142/142] Update 18 to 18beta2, bookworm 18~beta2-1.pgdg120+1, bullseye 18~beta2-1.pgdg110+1 --- 18/alpine3.21/Dockerfile | 4 ++-- 18/alpine3.22/Dockerfile | 4 ++-- 18/bookworm/Dockerfile | 2 +- 18/bullseye/Dockerfile | 2 +- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/18/alpine3.21/Dockerfile b/18/alpine3.21/Dockerfile index e9eff8d01f..d124d7eb5c 100644 --- a/18/alpine3.21/Dockerfile +++ b/18/alpine3.21/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 18 -ENV PG_VERSION 18beta1 -ENV PG_SHA256 0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885 +ENV PG_VERSION 18beta2 +ENV PG_SHA256 1d16b58244b630194432b88d9ff25f5fea85a001ff2c715a157d4be6787f3075 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/18/alpine3.22/Dockerfile b/18/alpine3.22/Dockerfile index 248d5cb987..b310639404 100644 --- a/18/alpine3.22/Dockerfile +++ b/18/alpine3.22/Dockerfile @@ -52,8 +52,8 @@ ENV LANG en_US.utf8 RUN mkdir /docker-entrypoint-initdb.d ENV PG_MAJOR 18 -ENV PG_VERSION 18beta1 -ENV PG_SHA256 0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885 +ENV PG_VERSION 18beta2 +ENV PG_SHA256 1d16b58244b630194432b88d9ff25f5fea85a001ff2c715a157d4be6787f3075 ENV DOCKER_PG_LLVM_DEPS \ llvm19-dev \ diff --git a/18/bookworm/Dockerfile b/18/bookworm/Dockerfile index 0cf4c0fb08..91e060b8b7 100644 --- a/18/bookworm/Dockerfile +++ b/18/bookworm/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 18 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 18~beta1-1.pgdg120+1 +ENV PG_VERSION 18~beta2-1.pgdg120+1 RUN set -ex; \ \ diff --git a/18/bullseye/Dockerfile b/18/bullseye/Dockerfile index 2a4b74b9ff..896dd4475f 100644 --- a/18/bullseye/Dockerfile +++ b/18/bullseye/Dockerfile @@ -89,7 +89,7 @@ RUN set -ex; \ ENV PG_MAJOR 18 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin -ENV PG_VERSION 18~beta1-1.pgdg110+1 +ENV PG_VERSION 18~beta2-1.pgdg110+1 RUN set -ex; \ \ diff --git a/versions.json b/versions.json index 96e2558966..dc49222596 100644 --- a/versions.json +++ b/versions.json @@ -152,7 +152,7 @@ "arm64", "ppc64el" ], - "version": "18~beta1-1.pgdg120+1" + "version": "18~beta2-1.pgdg120+1" }, "bullseye": { "arches": [ @@ -160,17 +160,17 @@ "arm64", "ppc64el" ], - "version": "18~beta1-1.pgdg110+1" + "version": "18~beta2-1.pgdg110+1" }, "debian": "bookworm", "major": 18, - "sha256": "0b7c83df6195398aa67dbf5c002e7fa4082be393aae99aa69926d483f98eb885", + "sha256": "1d16b58244b630194432b88d9ff25f5fea85a001ff2c715a157d4be6787f3075", "variants": [ "bookworm", "bullseye", "alpine3.22", "alpine3.21" ], - "version": "18beta1" + "version": "18beta2" } } pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy